Am 07.02.2014 15:32, schrieb KT Walrus: > I found this list: > > |ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS > | > > |on this page:| > | > | > https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ > > I think I’m going to just go with his recommendations (and bookmark him for > any future changes) since he seems to > be on top of this issue.
that's in general fine but it prefers AES-256 which is bad for some reasons: * there is currently no benefit, the opposite is true * according to http://www.nsa.gov/business/programs/elliptic_curve.shtml you would need a 15360 Bit RSA-Key while for AES-128 a 3072 RSA is suitable * AES-128 is around 20% faster than AES-256 * https://www.schneier.com/blog/archives/2009/07/another_new_aes.html The attack exploits the fact that the key schedule for 256-bit version is pretty lousy -- something we pointed out in our 2000 paper -- but doesn't extend to AES with a 128-bit key i spent many many hours for decide my cipher-string below and the result was order ciphers exactly in the most secure and most performance wise way and make sure give each client the best option currently TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is the best supported and most secure cipher, Firefox 27 / Chrome as example support it and where ever you can you should brefer AES-GCM instead AES-CBC TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is not widely supported yes, i am aware that we talk about e-mail and not http, but finally the cipher support is practically the same, except thunderbird still does not use AES-GCM but given that Firefox is using the same crypto-layer (NSS) which supports AES-GCM-128 *but not* AES-GCM-256 the last recent feature only needs to be "exported" to thunderbird which happens in the near future > On Feb 7, 2014, at 4:31 AM, Reindl Harald <h.rei...@thelounge.net > <mailto:h.rei...@thelounge.net>> wrote: > >> >> >> Am 07.02.2014 03:37, schrieb KT Walrus: >>> I’m trying to set up SSL/TLS IMAP connections. >>> >>> What is the recommended cipher list to set tls_ciphers in dbmail.conf? >>> >>> I copied a cipher list from some random example I found on the web, and it >>> does work, but I don’t really >>> understand what is the best list to use >> >> in that case honestly you better don't touch defaults because your changes >> will >> most likely never get reviwed while defaults may change to better ones >> no idea if dbmail implements SSLHonorCipherOrder because i have dovecot in >> front >> >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2 >> >> the above list works on Apache and Dovecot leading to the following cipher >> order >> and yes you want to perfer AES-128 because your RSA key most likely is even >> too >> small for AES-128 which needs 3072 Bit and there are existing theoretical >> attacks >> against AES-256 not affecting AES-128 >> >> https://www.ssllabs.com/ssltest/ on a webserver >> Cipher Suites (SSL 3+ suites in server-preferred order, then SSL 2 suites >> where used) >> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits >> RSA) FS 128 >> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits >> RSA) FS 256 >> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 4096 bits (p: 512, g: 1, Ys: >> 512) FS 128 >> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 4096 bits (p: 512, g: 1, Ys: >> 512) FS 256 >> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits >> RSA) FS 128 >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits >> RSA) FS 256 >> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits >> RSA) FS 128 >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits >> RSA) FS 256 >> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 4096 bits (p: 512, g: 1, Ys: >> 512) FS 128 >> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 4096 bits (p: 512, g: 1, Ys: >> 512) FS 256 >> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 4096 bits (p: 512, g: 1, Ys: 512) >> FS 128 >> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 4096 bits (p: 512, g: 1, Ys: 512) >> FS 256 >> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 4096 bits (p: 512, g: 1, Ys: >> 512) FS 128 >> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 4096 bits (p: 512, g: 1, Ys: >> 512) FS 256 >> TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128 >> TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256 >> TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 >> TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 >> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128 >> TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256 >> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH 256 bits (eq. 3072 bits >> RSA) FS 112 >> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DBmail mailing list DBmail@dbmail.org http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
