Security/Server Side TLS: Difference between revisions

Line 102: Line 102:
# ECDHE+AESGCM ciphers are selected first. These are TLS 1.2 ciphers and not widely supported at the moment. No known attack currently target these ciphers.
# ECDHE+AESGCM ciphers are selected first. These are TLS 1.2 ciphers and not widely supported at the moment. No known attack currently target these ciphers.
# PFS ciphersuites are preferred, with ECDHE first, then DHE.
# PFS ciphersuites are preferred, with ECDHE first, then DHE.
# AES 128 is preferred to AES 256
# AES 128 is preferred to AES 256. There has been [[http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html discussions]] on whether AES256 extra security was worth the cost, and the result is far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks.
## research shows that AES256 doesn't increase the security level significantly compared to AES128. Moreover, AES256 might be more exposed to timing attacks. Increased computational time contributes to prefer 128 bits.
# AES is preferred to RC4. Beast attacks on AES are mitigated in TLS1.1 and above, and difficult to achieve in TLS1.0. In comparison, attacks on RC4 are not mitigated and likely to become more and more dangerous.
# AES is preferred to RC4
## Beast attacks on AES are mitigated in TLS1.1 and above, and difficult to achieve in TLS1.0. In comparison, attacks on RC4 are not mitigated and likely to become more and more dangerous.


= Mandatory discards =
= Mandatory discards =
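Review bot: The external link in the expanded "AES 128 is preferred to AES 256" item is wrapped in double square brackets, `[[http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html discussions]]`, which is the internal-link syntax; a MediaWiki external link takes single brackets, `[URL discussions]`, otherwise stray brackets render around the link text. In the same item, "There has been discussions" should read "There have been discussions". The reworded item also says AES128 "seems to be more resistant to timing attacks" while the sub-item that mentioned research is no longer separate, so the linked mailing-list thread is the only source left; consider stating that the claim comes from that thread or citing the research directly. In the merged RC4 item, the attack name is conventionally written BEAST.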