<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
first of all I'd like to say a huge thank you to Aaron, who did
such a huge effort for comparing how a cipherstring works with so
much versions of openssl.<br>
<br>
This raised again the discussion about the best (compromise) for
the Cipherstring (and made it possible, as we see now which
version supports which cipher).<br>
<br>
May I suggest for this to discuss the 'Cipher-Policy' first. The
Cipher String is a technical issue, how to implement this policy
using openssl etc (and I hope it became easier to handle now using
Aarons's tool):<br>
<br>
About the Policy: <br>
- Which Ciphers are should be <span>recommended?</span><br>
- Which priority should a Cipher get <span>(I do think that it
could get harder to find a consensus here)?<br>
- What should we suggest for weak/old systems (besides to
upgrade/replace them ;-) ) (=> Policy C?)<br>
</span>
<br>
The Priority has a huge influence to the security. If the server
has set a priority, this determines the Cipher that is chosen from
the list of ciphers a client (browser) supports. <br>
<br>
I'd like to start with 2 candidates for the Policy B: <br>
<br>
This should be about the status of the discussion:<br>
1) DHE-RSA-AES256-GCM-SHA384<br>
2) DHE-RSA-AES256-SHA256<br>
3) ECDHE-RSA-AES256-GCM-SHA384<br>
4) ECDHE-RSA-AES256-SHA384<br>
5) DHE-RSA-AES128-GCM-SHA256<br>
6) DHE-RSA-AES128-SHA256<br>
7) ECDHE-RSA-AES128-GCM-SHA256<br>
8) ECDHE-RSA-AES128-SHA256<br>
9) DHE-RSA-CAMELLIA256-SHA<br>
10) DHE-RSA-AES256-SHA<br>
11) ECDHE-RSA-AES256-SHA<br>
12) DHE-RSA-CAMELLIA128-SHA<br>
13) DHE-RSA-AES128-SHA<br>
14) ECDHE-RSA-AES128-SHA<br>
15) CAMELLIA256-SHA<br>
16) AES256-SHA<br>
17) CAMELLIA128-SHA<br>
18) AES128-SHA<br>
<br>
Could someone summarize the criteria for this Priority, please?<br>
1st: Forward Secrecy<br>
2nd: ?? first ssl-Protocol that supports the Cipher (like tls1.2,
-> tls 1.1 -> tls 1 -> ssl3)??...<br>
<br>
This is an alternative policy:<br>
1) DHE-RSA-AES256-GCM-SHA384<br>
2) DHE-RSA-AES128-GCM-SHA256<br>
3) DHE-RSA-AES256-SHA256<br>
4) DHE-RSA-AES256-SHA<br>
5) DHE-RSA-CAMELLIA256-SHA<br>
6) DHE-RSA-AES128-SHA256<br>
7) DHE-RSA-AES128-SHA<br>
8) DHE-RSA-CAMELLIA128-SHA<br>
9) ECDHE-RSA-AES256-GCM-SHA384<br>
10) ECDHE-RSA-AES128-GCM-SHA256<br>
11) ECDHE-RSA-AES256-SHA384<br>
12) ECDHE-RSA-AES256-SHA<br>
13) ECDHE-RSA-AES128-SHA256<br>
14) ECDHE-RSA-AES128-SHA<br>
15) AES256-GCM-SHA384<br>
16) AES128-GCM-SHA256<br>
17) AES256-SHA<br>
18) CAMELLIA256-SHA<br>
19) AES128-SHA<br>
20) CAMELLIA128-SHA<br>
<br>
Criteria<a
href="http://dict.leo.org/ende/index_de.html#/search=criteria&searchLoc=0&resultOrder=basic&multiwordShowSingle=on"></a>
(hight -> low)<br>
1st: Forward Secrecy<br>
2nd: Kx: DHE -> ECDHE -> RSA<br>
3rd: Enc: AESGCM -> AES /CAMELLIA<br>
4th: Strong Enc (many Bits) -> Weaker Enc (less Bits) [ bit not
less than 128 bits)<br>
5th: AES -> CAMELLIA<br>
6th: Strong Mac (many Bits) -> Weaker MAC (less Bits) [ bit not
less than 128 bits)<br>
NO Criteria: first ssl-Protocol that supports the Cipher (like
tls1.2, tls 1) <br>
<br>
Are there any other Policies?<br>
Which Criteria builds be best Cipher Policy (Cipher Compromise)?<br>
<br>
Kind regards <br>
Torsten<br>
<br>
<br>
Am 15.05.2014 19:19, schrieb Adi Kriegisch:<br>
</div>
<blockquote cite="mid:20140515171920.GA31951@kriegisch.at"
type="cite">
<pre wrap="">Hey!
First off, thanks for the effort!
</pre>
<blockquote type="cite">
<pre wrap="">EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
</pre>
</blockquote>
<pre wrap="">Something is strange with that cipher string; I still do not grasp the
cipher selection on 0.9.8.
| -> openssl version
| OpenSSL 0.9.8c 05 Sep 2006
| -> openssl ciphers -v 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
| ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
| ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
| ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
| ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
| DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
| AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
| DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
| AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
If you don't mind, I'll try to get the originally intended order (DHE ->
ECDHE -> fallback) with out sacrifying 1.0.0 and 1.0.1 compatibility...
-- Adi
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Ach mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a>
<a class="moz-txt-link-freetext" href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a>
</pre>
</blockquote>
<br>
</body>
</html>