[Ach] Cipher-Order: AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

Gunnar Haslinger gh.bettercrypto at hitco.at
Sun Nov 8 15:13:27 CET 2015


On 08.11.2015 at 14:09, Adi Kriegisch wrote:
> or on pretty old openssl 0.9.8:
> ECDHE-RSA-AES256-SHA
> ECDHE-RSA-AES128-SHA
> ECDH-RSA-AES256-SHA
> ECDH-RSA-AES128-SHA
> DHE-RSA-AES256-SHA
> AES256-SHA
> DHE-RSA-AES128-SHA
> AES128-SHA

What 0.9.8 Version was capable of ECDH? Mine is not, and the docs tell
me 0.9.8 doesn't know EC.

> If you explicitly select included ciphers, '-ALL' isn't required. 

I know, but I like to include it to be sure and to make it clear what
the assumption is.

> am not sure if '+TLSv1' works everywhere but using '+SSLv3' does no harm:

That's true, but many people who just see the "+SSLv3" without knowing
what it does think this cipher-String is weak because of including the
Buzzword "SSLv3".

Let me sum up which requirements we considered so far:

Which Ciphers should be included:
1. start with the Ciphers included in the Current CipherString-B, they
are still sane
2. Camellia could be considered to be removed.
3. additional Ciphers could be included if they are sane
4. Ciphers which seem to be unnecessary (e.g. ECDHE with SHA1, Clients
capable of ECDH are all capable of SHA2) could be removed

Which Ciphers should be preferred:
5. Choose a PFS Cipher if Client/Server are able to
6. Prefer a modern GCM/SHA2 to SHA1
7. Performance: ECDHE could be preferred over DHE
8. Performance: AES128 could be preferred over AES256

How should the String-Building be done:
9. deactivating Ciphers in OpenSSL does not give predictable results in
newer versions as newer ciphers will be added
10. Sorting by "+...." has to be done the least significant property
first and the most significant property last
11. Keep the String short, simple, self-explaining, logical
12. Do not include unwanted Buzzwords like "+SSLv3"

As Adi is unsure if using the "TLSv1" Keyword is supported well try
another one:
As there is really no need to support SHA1 with ECDH just remove it. 
When sorting push back SHA1 and the non-PFS kRSA. Then there is no need
to push-back maybe unknown strings like "TLSv1" or use unwanted
buzzwords like "SSLv3" and we get:

$ openssl ciphers -v '-ALL:kEECDH+aRSA+AES:-SHA1:kEDH+aRSA+AES:aRSA+kRSA+AES:+AES256:+SHA1:+kRSA' | cut -f1 -d" "
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256

DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA

AES128-GCM-SHA256
AES128-SHA256
AES256-GCM-SHA384
AES256-SHA256
AES128-SHA
AES256-SHA


or on old 0.9.8 without SHA2 and EC Support this still results in:
DHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA
AES256-SHA
AES128-SHA
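
Added example (not part of the original message and not OpenSSL code): a simplified Python model of the plain-add, "-" and "+" operators, showing why point 10 puts the least significant "+" sort first and the most significant last. The BASE candidate order and the helpers tags(), build() and first_non_pfs() are assumptions made for illustration; "!" and OpenSSL's internal handling of deactivated ciphers are not modelled.

```python
# Simplified model of the cipher-string operators; not OpenSSL code.
# BASE is a constructed candidate order (assumption): per key exchange,
# AES256 before AES128 and GCM before CBC-SHA2 before SHA1.
BASE = """
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA
AES256-GCM-SHA384 AES256-SHA256 AES256-SHA
AES128-GCM-SHA256 AES128-SHA256 AES128-SHA
""".split()

ADDS = "-ALL:kEECDH+aRSA+AES:-SHA1:kEDH+aRSA+AES:aRSA+kRSA+AES"
RECOMMENDED = ADDS + ":+AES256:+SHA1:+kRSA"   # string from the message
REVERSED = ADDS + ":+kRSA:+SHA1:+AES256"      # same sorts, opposite order

def tags(name):
    """Keywords a suite name matches (hypothetical helper, RSA-auth AES only)."""
    kx = ("kEECDH" if name.startswith("ECDHE-")
          else "kEDH" if name.startswith("DHE-") else "kRSA")
    found = {"ALL", "aRSA", "AES", kx, "AES256" if "AES256" in name else "AES128"}
    if name.endswith("-SHA"):
        found.add("SHA1")
    return found

def build(cipher_string, base=BASE):
    """Apply each ':'-separated rule in turn and return the ordered list."""
    active = []
    for rule in cipher_string.split(":"):
        op = rule[0] if rule[0] in "-+" else ""
        want = set(rule[len(op):].split("+"))       # 'A+B' means A AND B
        hit = [n for n in active if want <= tags(n)]
        rest = [n for n in active if n not in hit]
        if op == "-":        # deactivate; a later rule may add it again
            active = rest
        elif op == "+":      # stable move of active matches to the end
            active = rest + hit
        else:                # append matches not yet active, in base order
            active += [n for n in base if want <= tags(n) and n not in active]
    return active

def first_non_pfs(order):
    """Index of the first suite using plain RSA key exchange (no PFS)."""
    return next(i for i, n in enumerate(order) if "kRSA" in tags(n))

if __name__ == "__main__":
    for s in (RECOMMENDED, REVERSED):
        print(first_non_pfs(build(s)), build(s))
```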



