[Ach] Cipher-Order: AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

Adi Kriegisch adi at kriegisch.at
Sun Nov 8 12:48:57 CET 2015


> > Supporting non-ephemeral ciphers is only ever required on certain
> > versions of openssl 0.9.8
> > In other words: you need not provide AES*GCM-SHA2 and AES*SHA2.
> I tested on Debian Lenny 6 with OpenSSL 0.9.8o, it has no SHA2 support,
> so I decided to still include SHA1.
The other way around: you *only* need SHA1 support. All newer
implementations are well aware of ECDHE and DHE and thus will choose
ephemeral ciphers anyways.

> OK, I can see you feel uncomftable with my decision to sort the Ciphers
> only by pushing Back AES256 which leads to old non-PFS-Ciphers between
> good ones. This could be easily solved by adding "+kRSA" to push back
> the non-PFS RSA-based-Key-Agreement Ciphers.
Actually I wouldn't do that too: now you have first ECDHE TLSv1.2-TLSv1.0
and then DHE TLSv1.2-TLSv1.0. I'd very much recommend to prefer TLS1.2 over
all TLSv1.0 ciphers, no matter if they are ECDHE or DHE...
And yes, choosing a cipher string is hard. ;-)

-- Adi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20151108/b7aff934/attachment.sig>

More information about the Ach mailing list