[Ach] [ssllabs-discuss] Minimal recommended cipher suite list, pref. as an interactive SSL Labs page
hkario at redhat.com
Wed Jun 11 13:41:56 CEST 2014
---- Original Message -----
> From: "ianG" <iang at iang.org>
> To: ssllabs-discuss at lists.sourceforge.net
> Cc: "ach at lists.cert.at List Mailing" <ach at lists.cert.at>
> Sent: Wednesday, June 11, 2014 11:54:15 AM
> Subject: Re: [ssllabs-discuss] Minimal recommended cipher suite list, pref. as an interactive SSL Labs page
> On 10/06/2014 23:06 pm, Matthew Wanders wrote:
> > But if you're not hosting on Windows and want a good list of ciphers,
> > stacked in an appropriate order, then this is a good start. This list will
> > favour the best ciphers with the highest bit length first. But I've left a
> > few of the "not so good" ones at the bottom, just to accommodate clients
> If you ever get a chance to redesign, try this:
> More along lines of being helpful and non-sarcastic, how does the Better
> Crypto project's recommendations rate against the above?
This puts DHE before ECDHE, and most problematically, DHE-RSA-AES256-SHA256
Older versions of httpd will use 1024 bit DH parameters. Those provide
about 80 bit level of security (comparable to 1024 bit RSA and SHA-1).
While with ECDH you will get the 256 bit curve which gives you 128 bit
level of security (comparable to 3072 bit RSA and SHA256). Thankfully
the newest releases of httpd select DH parameters based on RSA key size,
so the DH params are not the weakest link any more.
Also using 256bit ciphers without at least disabling TLS session tickets,
disabling SSL3, TLS1.0 and TLS1.1, *and* using very large RSA or ECDSA
keys signed with SHA512 is just wasting cycles. If you're
using AES or CAMELLIA (any key size), the cipher suite is not the weakest
link in the security of connection.
That's why I'd say that the Mozilla guide:
More information about the Ach