[Ach] [ssllabs-discuss] Minimal recommended cipher suite list, pref. as an interactive SSL Labs page

Julien Vehent julien at linuxwall.info
Sat Jun 14 19:47:16 CEST 2014


 

The wiki page has an explanation at
https://wiki.mozilla.org/Security/Server_Side_TLS#Prioritization_logic
[4] 

 * _AES 128 is preferred to AES 256. There have been discussions [5]
on whether AES256 extra security was worth the cost, and the result is
far from obvious. At the moment, AES128 is preferred, because it
provides good security, is really fast, and seems to be more resistant
to timing attacks._

Removing it completely, however, provides no benefit. It would simply
break clients that decide, for some reason, to only accept AES256. 

On 2014-06-14 12:20, Aaron Zauner wrote: 

> Just out of curiosity; why do you prefer 128bit symmetric ciphers over 256bit ones? In your case both are included, the preference does not make sense to me. 
> i.e.: I'd either drop AES256 or order according to symmetric cipher security (given the same key exchange, MAC,..) 
> 
> On Sat, Jun 14, 2014 at 4:35 AM, Julien Vehent <julien at linuxwall.info> wrote:
> 
> On 2014-06-12 07:09, Hubert Kario wrote:
> > While choice of RC4 is bad, they plan to remove it and reinstate 3DES:
> > https://bugzilla.mozilla.org/show_bug.cgi?id=927045 [1]
>
> We did, at least, put 3DES above RC4 in production. The CPU cost was minimal, so I'll update the wiki page Real Time Soon(tm)
> 
> $ ./cipherscan mozilla.org [2]
> ........
> prio  ciphersuite           protocols            pfs_keysize
> 1     DHE-RSA-AES128-SHA    SSLv3,TLSv1,TLSv1.1  DH,1024bits
> 2     DHE-RSA-AES256-SHA    SSLv3,TLSv1,TLSv1.1  DH,1024bits
> 3     EDH-RSA-DES-CBC3-SHA  SSLv3,TLSv1,TLSv1.1  DH,1024bits
> 4     AES128-SHA            SSLv3,TLSv1,TLSv1.1
> 5     AES256-SHA            SSLv3,TLSv1,TLSv1.1
> 6     DES-CBC3-SHA          SSLv3,TLSv1,TLSv1.1
> 7     RC4-SHA               SSLv3,TLSv1,TLSv1.1
> 
> Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
> TLS ticket lifetime hint: None
> OCSP stapling: supported
> 
> We also started deprecating SSL3 and TLS1 from new sites that require newer browsers, and where backward compatibility is not needed.
> 
> - Julien 
> 
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach [3]
 

Links:
------
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=927045
[2] http://mozilla.org
[3] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
[4] https://wiki.mozilla.org/Security/Server_Side_TLS#Prioritization_logic
[5] http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html
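
Added example, not part of the original message and not Mozilla's or cipherscan's own code: a Python check that parses cipherscan output in the format quoted in this thread and reports where a server's order departs from the logic discussed (AES128 ahead of its AES256 twin without dropping AES256, 3DES ahead of RC4). The function names and the grouping of suite names into families are assumptions of this example.

```python
import re

# Constructed sample: the cipherscan rows quoted in the thread above.
SAMPLE = """\
prio ciphersuite protocols pfs_keysize
1 DHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1 DH,1024bits
2 DHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1 DH,1024bits
3 EDH-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1 DH,1024bits
4 AES128-SHA SSLv3,TLSv1,TLSv1.1
5 AES256-SHA SSLv3,TLSv1,TLSv1.1
6 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1
7 RC4-SHA SSLv3,TLSv1,TLSv1.1
"""

def parse_cipherscan(text):
    """Map suite name -> server priority; non-table lines are skipped."""
    prio = {}
    for line in text.splitlines():
        m = re.match(r"(\d+)\s+(\S+)", line.lstrip("> "))  # tolerate mail quoting
        if m:
            prio[m.group(2)] = int(m.group(1))
    return prio

def check_order(prio):
    """Return findings where the order departs from the logic in the thread."""
    findings, families = [], {}
    for suite, p in prio.items():
        m = re.search(r"AES(128|256)", suite)
        if m:
            # Same key exchange and mode; SHA256/SHA384 variants count as one family.
            key = re.sub(r"-SHA(256|384)$", "-SHA2", suite.replace(m.group(0), "AES"))
            families.setdefault(key, {})[m.group(1)] = (p, suite)
    for sizes in families.values():
        if "128" in sizes and "256" not in sizes:
            findings.append(f"{sizes['128'][1]}: no AES256 twin, AES256-only clients break")
        elif "128" in sizes and sizes["256"][0] < sizes["128"][0]:
            findings.append(f"{sizes['256'][1]} is preferred over {sizes['128'][1]}")
    rc4 = [p for s, p in prio.items() if "RC4" in s]
    tdes = [p for s, p in prio.items() if "DES-CBC3" in s]
    if rc4 and (not tdes or min(rc4) < max(tdes)):
        findings.append("RC4 is ranked above a 3DES suite, or offered without one")
    return findings

if __name__ == "__main__":
    for finding in check_order(parse_cipherscan(SAMPLE)) or ["order matches the thread's logic"]:
        print(finding)
```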