[Ach] favor DHE over ECDHE? (was: preference of curves in ECC - ECDSA, ECDH)
Hanno Böck
hanno at hboeck.de
Mon Mar 10 10:25:02 CET 2014
On Mon, 10 Mar 2014 10:21:15 +0100
Torsten Gigler <torsten.gigler at owasp.org> wrote:
> What do you think about to favor generally DHE ciphers over ECDHE, as
> long it is not clear which EC curves are save available by clients
> ans servers?
This is in theory a good idea, but ONLY if you use a reasonable large
DHE exchange. Most people use 1024 bit.
> I tried to priorize them also according to BSI
> TR-02102-2: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
Always prefer GCM over CBC, no matter what AES size. CBC has issues,
AES128 has not.
Your config will e.g. cause firefox to connect with CBC.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140310/1140a91a/attachment.sig>
More information about the Ach
mailing list