| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
On 19.04.2014 13:51, Mick wrote: |
| 5 |
> On Thursday 17 Apr 2014 19:43:25 Matti Nykyri wrote: |
| 6 |
>> On Thu, Apr 17, 2014 at 04:49:45PM +0100, Mick wrote: |
| 7 |
> |
| 8 |
>>> Can you please share how you create ECDHE_ECDSA with openssl |
| 9 |
>>> ecparam, or ping a URL if that is more convenient? |
| 10 |
>> |
| 11 |
>> Select curve for ECDSA: openssl ecparam -out ec_param.pem -name |
| 12 |
>> secp521r1 |
| 13 |
> [snip ...] |
| 14 |
> |
| 15 |
>> I don't know much about the secp521r1 curve or about its |
| 16 |
>> security. |
| 17 |
> [snip ...] |
| 18 |
> |
| 19 |
> It seems that many sites that use ECDHE with various CA signature |
| 20 |
> algorithms (ECC as well as conventional symmetric) use the |
| 21 |
> secp521r1 curve - aka P-256. I just checked and gmail/google |
| 22 |
> accounts use it too. |
| 23 |
> |
| 24 |
> Markus showed secp384r1 (P-384) in his example. |
| 25 |
> |
| 26 |
> The thing is guys that both of these are shown as 'unsafe' in the |
| 27 |
> http://safecurves.cr.yp.to tables and are of course specified by |
| 28 |
> NIST and NSA. |
| 29 |
> |
| 30 |
> Thank you both for your replies. I need to read a bit more into |
| 31 |
> all this before I settle on a curve. |
| 32 |
> |
| 33 |
|
| 34 |
1.) secp521r1 is *not* P-256 |
| 35 |
2.) I used secp384r1 aka P-384 as it's defined by RFC 6460 while |
| 36 |
secp521r1 is not, and all TLS1.2 implementations implement |
| 37 |
secp256r1 and secp384r1 as defined in RFC 6460, while secp521r1 |
| 38 |
is implemented only by some. So better to be RFC compliant and |
| 39 |
reach all possible users/customers as to violate the RFC and |
| 40 |
loose possible users/customers. |
| 41 |
https://tools.ietf.org/html/rfc6460 |
| 42 |
3.) Even the people behind http://safecurves.cr.yp.to have no proof |
| 43 |
that secp[256|384|521]r1 are unsecure, they just don't trust the |
| 44 |
NIST. So that list is mostly useless and possibly untrue. |
| 45 |
4.) ECC in certificates is not widely used and therfor also not |
| 46 |
extensivly audited, so it might be less secure than SHA256+RSA, |
| 47 |
or may suffer from implementation failures like heartbeat did. |
| 48 |
5.) ECDSA has the same problems i mentioned in 4, so it may be a bad |
| 49 |
idea to use it in production. Stick to ECDHE and as a fallback |
| 50 |
to DHE. I use the following ciphers for my services: |
| 51 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) |
| 52 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) |
| 53 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) |
| 54 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) |
| 55 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) |
| 56 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) |
| 57 |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) |
| 58 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) |
| 59 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) |
| 60 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) |
| 61 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) |
| 62 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) |
| 63 |
|
| 64 |
|
| 65 |
|
| 66 |
- -- |
| 67 |
Kind Regards, Mit freundlichen Grüssen, |
| 68 |
Markus Kohlmeyer Markus Kohlmeyer |
| 69 |
|
| 70 |
PGP: 0xEBDF5E55 / 2A22 1F71 AA70 1AD1 231B 0178 759F 407C EBDF 5E55 |
| 71 |
|
| 72 |
-----BEGIN PGP SIGNATURE----- |
| 73 |
Version: GnuPG v2.0.22 (MingW32) |
| 74 |
|
| 75 |
iQIcBAEBCgAGBQJTUneDAAoJEHWfQHzr315V9hcP/286xUPhj3TtJDZlAmP/lqM9 |
| 76 |
htEL2eE2Jr7l6GDX8/LNS5kWWN4ytEZEbGEIXijZSjss4AJiWq3b+CmW+n0F75E8 |
| 77 |
d94bEbl/voiTHS3yF5ytANzOLXdyKt3r7jJ6rAdEHCFI+8SYrV8oNM/u0Vx25saB |
| 78 |
mFabQrUqfd1pe5vMtYJyl9xGogKuQdWdSCAO4K2u62Ktrbh7XGxgzMnToxzOZh+G |
| 79 |
LxCSlRO+YdArW4pD5rOOfTm/6gPdq3t/KtM/+1sdkvhSP+t6VfbBZKFXBdyIto3+ |
| 80 |
B4vd2Wz2XtN1POAWezY2E9PjfeEo0jkfXUNgxo9FiCiX5M7u8/izirEQSw3yKONS |
| 81 |
WmEhu+Bc0zYfaHN/4Up+Pq+8yUEQMiY5llOS2YaiTivHCajq9+e5ULFI42GTY+dG |
| 82 |
BJcVFKz5nUQaACbhDJ1sXgrOh2GMMaUn61RF7a+5FbEDLhmo/Db7WYJzjfTSRqfa |
| 83 |
EGtFC++P4ZN6R6AXt1CThdUoJC1x4YAU5ncu77iTAr5bxD3SE4UGnLpE5NNOS4AH |
| 84 |
53bF8RKNlp7GV8ukyt3FBnQt9+TQt+ePcyru6teLHfb0f2euz7dRTtgkL/P4wi30 |
| 85 |
XtWxVTsk0JrufFVpm7FZNaIvHnZ2SS0AU4NIvejTVOmlkP3vXBqzNHCzoapTW09d |
| 86 |
+6rVo7teibHK1B59e+0P |
| 87 |
=KASv |
| 88 |
-----END PGP SIGNATURE----- |
Archives