-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 19.04.2014 13:51, Mick wrote:
> On Thursday 17 Apr 2014 19:43:25 Matti Nykyri wrote:
>> On Thu, Apr 17, 2014 at 04:49:45PM +0100, Mick wrote:
>
>>> Can you please share how you create ECDHE_ECDSA with openssl
>>> ecparam, or ping a URL if that is more convenient?
>>
>> Select curve for ECDSA:
>> openssl ecparam -out ec_param.pem -name secp521r1
> [snip ...]
>
>> I don't know much about the secp521r1 curve or about its
>> security.
> [snip ...]
>
> It seems that many sites that use ECDHE with various CA signature
> algorithms (ECC as well as conventional symmetric) use the
> secp521r1 curve - aka P-256. I just checked and gmail/google
> accounts use it too.
>
> Markus showed secp384r1 (P-384) in his example.
>
> The thing is guys that both of these are shown as 'unsafe' in the
> http://safecurves.cr.yp.to tables and are of course specified by
> NIST and NSA.
>
> Thank you both for your replies. I need to read a bit more into
> all this before I settle on a curve.
>

1.) secp521r1 is *not* P-256
2.) I used secp384r1 aka P-384 as it's defined by RFC 6460 while
    secp521r1 is not, and all TLS1.2 implementations implement
    secp256r1 and secp384r1 as defined in RFC 6460, while secp521r1
    is implemented only by some. So better to be RFC compliant and
    reach all possible users/customers than to violate the RFC and
    lose possible users/customers.
    https://tools.ietf.org/html/rfc6460
3.) Even the people behind http://safecurves.cr.yp.to have no proof
    that secp[256|384|521]r1 are insecure, they just don't trust the
    NIST. So that list is mostly useless and possibly untrue.
4.) ECC in certificates is not widely used and therefore also not
    extensively audited, so it might be less secure than SHA256+RSA,
    or may suffer from implementation failures like heartbeat did.
5.) ECDSA has the same problems I mentioned in 4, so it may be a bad
    idea to use it in production. Stick to ECDHE and as a fallback
    to DHE. I use the following ciphers for my services:

    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)

- --
Kind Regards,
Markus Kohlmeyer

PGP: 0xEBDF5E55 / 2A22 1F71 AA70 1AD1 231B 0178 759F 407C EBDF 5E55

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

-----END PGP SIGNATURE-----
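
The cipher list and curve choice from the message above, converted to an OpenSSL cipher string and applied to a Python `ssl` server context. This is an added example, not part of the original message; the function names are illustrative, and the name conversion assumes OpenSSL's convention of omitting `CBC` from suite names.

```python
import ssl

# IANA suite names and code points exactly as listed in the message above.
SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 0xC028,
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 0xC027,
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 0xC014,
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 0xC013,
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 0x9F,
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": 0x9E,
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 0x6B,
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 0x67,
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 0x39,
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 0x33,
}
# NIST name -> (SECG name, OpenSSL short name). secp521r1 is P-521, not P-256.
CURVES = {"P-256": ("secp256r1", "prime256v1"),
          "P-384": ("secp384r1", "secp384r1"),
          "P-521": ("secp521r1", "secp521r1")}

def openssl_name(iana):
    """TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -> ECDHE-RSA-AES256-SHA."""
    kx_auth, rest = iana[len("TLS_"):].split("_WITH_")
    alg, bits, *tail = rest.split("_")
    tail = [p for p in tail if p != "CBC"]  # OpenSSL leaves the CBC mode implicit
    return "-".join(kx_auth.split("_") + [alg + bits] + tail)

def cipher_string():
    """Colon-separated OpenSSL cipher string, in the order of the message."""
    return ":".join(openssl_name(s) for s in SUITES)

def server_context(nist_curve="P-384"):
    """Server context limited to the listed suites, ECDHE on the chosen curve."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string())           # governs TLS 1.2 and older suites only
    ctx.set_ecdh_curve(CURVES[nist_curve][1])  # takes the OpenSSL short name
    return ctx

def enabled_tls12(ctx):
    """{code point: OpenSSL name} for the pre-TLS-1.3 suites the local OpenSSL kept."""
    return {c["id"] & 0xFFFF: c["name"]
            for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}

if __name__ == "__main__":
    for code, name in sorted(enabled_tls12(server_context()).items()):
        print(f"0x{code:04x} {name}")
```

Comparing the printed code points with the list in the message shows which of the twelve suites the local OpenSSL build still offers; TLS 1.3 suites are configured separately and are not affected by this cipher string.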