[Ach] favor DHE over ECDHE?

Torsten Gigler torsten.gigler at owasp.org
Mon Mar 10 15:45:51 CET 2014


Hi Hanno, hi Aaron, hi Pepi,

thank you very much for your answers.
Yes, performance issues may be a reason not to set up the aimed
configuration.

> This is in theory a good idea, but ONLY if you use a reasonably large
> DHE exchange. Most people use 1024 bit.
>
Yes, according to BSI TR 02102 this should be 2000 bit, or if applicable
3000 bit from 2015 on.

> Always prefer GCM over CBC, no matter what AES size. CBC has issues,
> AES128 has not.
> Your config will e.g. cause Firefox to connect with CBC.
>
> Hanno Böck
>
>
I switched it this way:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
...
RSA.... if necessary

Could this develop into a suggestion for 'CipherStringB', too?

According to what I found in ssllabs, 'Java 8b132' is the only 'Client' that
supports 0x9e, besides OpenSSL 1.0.1e, which also supports 0x9f. Any further
good news on this?

Kind regards
Torsten
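
Added example, not part of the original message: a Python sketch of server-preference suite selection run over the list as posted, showing which suite is chosen for a client that offers ECDHE with GCM and DHE with CBC but no DHE with GCM. The client offer is constructed for illustration and all function names are hypothetical.

```python
import re

# Server preference order, copied from the message above.
POSTED = """
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
"""

def parse(text):
    """Return [(suite_id, name)] in the order the suites are listed."""
    pairs = re.findall(r"(TLS_\w+) \((0x[0-9a-f]+)\)", text)
    return [(int(hex_id, 16), name) for name, hex_id in pairs]

def is_gcm(name):
    return "_GCM_" in name

def negotiate(server_order, client_offer):
    """Server-preference selection: first server suite the client also offers."""
    offered = set(client_offer)
    return next((s for s in server_order if s[0] in offered), None)

def cbc_before_gcm(server_order):
    """CBC suites ranked above some GCM suite (they win if a client offers both)."""
    last_gcm = max(i for i, s in enumerate(server_order) if is_gcm(s[1]))
    return [s[1] for i, s in enumerate(server_order) if i < last_gcm and not is_gcm(s[1])]

def gcm_first(server_order):
    """Stable reorder: every GCM suite ahead of every CBC suite, DHE still first."""
    return sorted(server_order, key=lambda s: not is_gcm(s[1]))

# Constructed client offer (assumption, not captured from a real browser).
CLIENT = [0xc02b, 0xc02f, 0xc014, 0xc013, 0x39, 0x33]

if __name__ == "__main__":
    order = parse(POSTED)
    print("as posted :", negotiate(order, CLIENT))
    print("GCM first :", negotiate(gcm_first(order), CLIENT))
    print("CBC ranked above a GCM suite:", cbc_before_gcm(order))
```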