[Ach] favor DHE over ECDHE? (was: preference of curves in ECC - ECDSA, ECDH)
hanno at hboeck.de
Mon Mar 10 10:25:02 CET 2014
On Mon, 10 Mar 2014 10:21:15 +0100
Torsten Gigler <torsten.gigler at owasp.org> wrote:
> What do you think about favoring DHE ciphers generally over ECDHE, as
> long as it is not clear which EC curves are safely available on clients
> and servers?
This is in theory a good idea, but ONLY if you use a reasonably large
DHE exchange. Most people use 1024 bit.
> I tried to prioritize them also according to BSI
> TR-02102-2: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
Always prefer GCM over CBC, no matter what AES size. CBC has issues,
AES128 does not.
Your config will e.g. cause Firefox to connect with CBC.
mail/jabber: hanno at hboeck.de
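An added example, not part of this thread, that audits Torsten's list against Hanno's two points: CBC suites listed ahead of GCM ones, and DH groups that are too small. The 2048-bit minimum and the IANA-to-OpenSSL name mapping are my assumptions, not something the mail states.

```python
import re

# Torsten's proposed DHE preference list, exactly as given in the thread, used here as sample input.
PROPOSED_ORDER = [
    ("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 0x9F),
    ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x6B),
    ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x39),
    ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x9E),
    ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x67),
    ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x33),
]
MIN_DHE_BITS = 2048  # assumed threshold; the 1024-bit groups "most people use" fail it
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_AES_(?P<bits>128|256)_(?P<mode>GCM|CBC)_")

def parse_suite(name):
    """Split an IANA-style AES suite name into (key exchange, AES key size, cipher mode)."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError("unsupported suite name: " + name)
    return m.group("kx"), int(m.group("bits")), m.group("mode")

def ordering_problems(suites):
    """Report each CBC suite listed ahead of a GCM suite, whatever the AES key size;
    a client taking the first mutually supported suite would then land on CBC."""
    problems = []
    for i, (name, _) in enumerate(suites):
        if parse_suite(name)[2] != "CBC":
            continue
        later_gcm = [n for n, _ in suites[i + 1:] if parse_suite(n)[2] == "GCM"]
        if later_gcm:
            problems.append("%s precedes %s" % (name, ", ".join(later_gcm)))
    return problems

def gcm_first(suites):
    """Stable reorder: GCM suites first, then the rest, keeping the given order within each group."""
    gcm = [s for s in suites if parse_suite(s[0])[2] == "GCM"]
    return gcm + [s for s in suites if parse_suite(s[0])[2] != "GCM"]

def dhe_params_adequate(bits):
    """True only when the server's DH group is at least MIN_DHE_BITS (assumed threshold)."""
    return bits >= MIN_DHE_BITS

def openssl_cipher_string(suites):
    """Render the list in OpenSSL's spelling (DHE-RSA-AES256-GCM-SHA384:...) for a server config."""
    names = []
    for name, _ in suites:
        s = name.replace("TLS_", "", 1).replace("WITH_", "").replace("CBC_", "")
        names.append(s.replace("AES_", "AES").replace("_", "-"))
    return ":".join(names)
```

Run `ordering_problems(PROPOSED_ORDER)` to see the two AES-256-CBC suites that sit ahead of AES-128-GCM; `gcm_first` produces the order Hanno's rule implies.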