[Ach] Policy B, was: Vote for new Cipherstring B

Torsten Gigler torsten.gigler at owasp.org
Fri May 16 00:41:02 CEST 2014


Hi,

first of all I'd like to say a huge thank you to Aaron, who did such a huge effort for comparing how
a cipherstring works with so much versions of openssl.

This raised again the discussion about the best (compromise) for the Cipherstring (and made it
possible, as we see now which version supports which cipher).

May I suggest for this to discuss the 'Cipher-Policy' first. The Cipher String is a technical issue,
how to implement this policy using openssl etc (and I hope it became easier to handle now using
Aarons's tool):

About the Policy:
- Which Ciphers are should be recommended?
- Which priority should a Cipher get (I do think that it could get harder to find a consensus here)?
- What should we suggest for weak/old systems (besides to upgrade/replace them ;-) ) (=> Policy C?)

The Priority has a huge influence to the security. If the server has set a priority, this determines
the Cipher that is chosen from the list of ciphers a client (browser) supports.

I'd like to start with 2 candidates for the Policy B:

This should be about the status of the discussion:
 1) DHE-RSA-AES256-GCM-SHA384
 2) DHE-RSA-AES256-SHA256
 3) ECDHE-RSA-AES256-GCM-SHA384
 4) ECDHE-RSA-AES256-SHA384
 5) DHE-RSA-AES128-GCM-SHA256
 6) DHE-RSA-AES128-SHA256
 7) ECDHE-RSA-AES128-GCM-SHA256
 8) ECDHE-RSA-AES128-SHA256
 9) DHE-RSA-CAMELLIA256-SHA
10) DHE-RSA-AES256-SHA
11) ECDHE-RSA-AES256-SHA
12) DHE-RSA-CAMELLIA128-SHA
13) DHE-RSA-AES128-SHA
14) ECDHE-RSA-AES128-SHA
15) CAMELLIA256-SHA
16) AES256-SHA
17) CAMELLIA128-SHA
18) AES128-SHA

Could someone summarize the criteria for this Priority, please?
1st: Forward Secrecy
2nd: ?? first ssl-Protocol that supports the Cipher (like tls1.2, -> tls 1.1 -> tls 1 -> ssl3)??...

This is an alternative policy:
 1) DHE-RSA-AES256-GCM-SHA384
 2) DHE-RSA-AES128-GCM-SHA256
 3) DHE-RSA-AES256-SHA256
 4) DHE-RSA-AES256-SHA
 5) DHE-RSA-CAMELLIA256-SHA
 6) DHE-RSA-AES128-SHA256
 7) DHE-RSA-AES128-SHA
 8) DHE-RSA-CAMELLIA128-SHA
 9) ECDHE-RSA-AES256-GCM-SHA384
10) ECDHE-RSA-AES128-GCM-SHA256
11) ECDHE-RSA-AES256-SHA384
12) ECDHE-RSA-AES256-SHA
13) ECDHE-RSA-AES128-SHA256
14) ECDHE-RSA-AES128-SHA
15) AES256-GCM-SHA384
16) AES128-GCM-SHA256
17) AES256-SHA
18) CAMELLIA256-SHA
19) AES128-SHA
20) CAMELLIA128-SHA

Criteria<http://dict.leo.org/ende/index_de.html#/search=criteria&searchLoc=0&resultOrder=basic&multiwordShowSingle=on>
(hight -> low)
1st: Forward Secrecy
2nd: Kx: DHE -> ECDHE -> RSA
3rd: Enc: AESGCM -> AES /CAMELLIA
4th: Strong Enc (many Bits) -> Weaker Enc (less Bits) [ bit not less than 128 bits)
5th: AES -> CAMELLIA
6th: Strong Mac (many Bits) -> Weaker MAC (less Bits) [ bit not less than 128 bits)
NO Criteria: first ssl-Protocol that supports the Cipher (like tls1.2, tls 1) 

Are there any other Policies?
Which Criteria builds be best Cipher Policy (Cipher Compromise)?

Kind regards
Torsten


Am 15.05.2014 19:19, schrieb Adi Kriegisch:
> Hey!
>
> First off, thanks for the effort!
>
>> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> Something is strange with that cipher string; I still do not grasp the
> cipher selection on 0.9.8.
>   |  -> openssl version
>   | OpenSSL 0.9.8c 05 Sep 2006
>   |  -> openssl ciphers -v 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
>   | ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
>   | ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
>   | ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
>   | ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
>   | DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>   | AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>   | DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>   | AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>
> If you don't mind, I'll try to get the originally intended order (DHE ->
> ECDHE -> fallback) with out sacrifying 1.0.0 and 1.0.1 compatibility...
>
> -- Adi
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140516/8ff1f3c2/attachment.html>


More information about the Ach mailing list