6
edits
Talk:Security/Server Side TLS: Difference between revisions
Jump to navigation
Jump to search
→Reply to ulfr, 20131209 -- janfrode: new section
(→Reply to ulfr, 20131209 -- janfrode: new section) |
|||
| Line 30: | Line 30: | ||
However, I am confused by your comment that "Lots of non-forward-secret ciphers are prioritized over DHE-RSA-AES128*, breaking rule #2.". Even before the latest change, only PFS ciphers where listed above DHE-RSA-AES128. Did you mean something different? | However, I am confused by your comment that "Lots of non-forward-secret ciphers are prioritized over DHE-RSA-AES128*, breaking rule #2.". Even before the latest change, only PFS ciphers where listed above DHE-RSA-AES128. Did you mean something different? | ||
== Reply to ulfr, 20131209 -- janfrode == | |||
''> However, I am confused by your comment that "Lots of non-forward-secret ciphers are prioritized over DHE-RSA-AES128*, breaking rule #2.". Even before the latest change, only PFS ciphers where listed above DHE-RSA-AES128. Did you mean something different?'' | |||
Not sure what I did previously. I now see DHE-RSA-AES128* before all non-PFS ciphers. | |||
On RHEL6.5/apache-2.2.15 With the currently suggested cipher suites, I got the following order: | |||
prio ciphersuite protocols pfs_keysize | |||
1 DHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
2 DHE-RSA-AES256-GCM-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
3 DHE-RSA-AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
4 DHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
5 DHE-RSA-AES256-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
6 DHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
7 AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
8 AES256-GCM-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
9 AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
10 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
11 AES256-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
12 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
13 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
14 DHE-RSA-CAMELLIA256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
15 CAMELLIA256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
16 DHE-RSA-CAMELLIA128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
17 CAMELLIA128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 | |||
This still prefers 256 bit DHE-RSA-AES256-GCM-SHA384 over various 128 bit ciphers. And the DHE-RSA-CAMELLIA* suites should probably be moved above the non-PFS. | |||
And did you really mean to introduce the DHE-DSS-suites in the new list? The qualys ssl servertest says these can't be used for PFS because they're effectivly limited to 1024 bit DSS key. | |||