[guardian-dev] Improving enabled TLS Cipher Suites

Eugen Leitl eugen@leitl.org
Thu Sep 12 22:32:04 PDT 2013 

----- Forwarded message from coderman <coderman@gmail.com> -----

Date: Wed, 11 Sep 2013 15:13:09 -0700
From: coderman <coderman@gmail.com>
To: David Chiles <david@chatsecure.org>
Cc: Guardian Dev <guardian-dev@lists.mayfirst.org>
Subject: Re: [guardian-dev] Improving enabled TLS Cipher Suites

of all the suites, these look good (assuming 2k RSA keys)

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

all the rest do not provide forward secrecy, or use ECC with suspect
constants, or use weak ciphers.

i'm open to hearing arguments otherwise.

> ...
> TLS_RSA_WITH_AES_256_CBC_SHA256
> TLS_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> TLS_DH_anon_WITH_AES_128_CBC_SHA256
> TLS_DH_anon_WITH_AES_256_CBC_SHA256
> TLS_DH_anon_WITH_AES_128_CBC_SHA
> TLS_DH_anon_WITH_AES_256_CBC_SHA
> TLS_ECDH_anon_WITH_AES_128_CBC_SHA
> TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_NULL_SHA
> TLS_ECDHE_RSA_WITH_NULL_SHA
> TLS_RSA_WITH_NULL_MD5
> SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
> TLS_RSA_WITH_NULL_SHA256
> TLS_RSA_WITH_NULL_SHA
> SSL_RSA_WITH_NULL_MD5
>> ...
>>     "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
>>     "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
>>     "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
>>
>>     "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
>>     "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
>>     "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
>>
>>     "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
>>     "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
>>     "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
>>
>>     "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
>>     "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
>>     "TLS_ECDH_RSA_WITH_RC4_128_SHA",
>>
>>     "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
>>     "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
>>
>>     "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
>>     "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
>>
>>     "TLS_RSA_WITH_AES_256_CBC_SHA",
>>     "TLS_RSA_WITH_AES_128_CBC_SHA"
>> ...
_______________________________________________
Guardian-dev mailing list

Post: Guardian-dev@lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe
        Send email to:  Guardian-dev-unsubscribe@lists.mayfirst.org
        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org

You are subscribed as: eugen@leitl.org

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the cypherpunks mailing list