On 8/3/2014 10:55 PM, David Benfell wrote:
> On Sun, Aug 03, 2014 at 09:29:49PM +0200, Pete Stephenson wrote:
>> Hi all,
>>
>> For those running HKPS-enabled servers in the pool, what protocols and
>> ciphersuites do you use?
>>
>> I'd hope that it'd be safe these days to disable SSLv2. How about SSLv3?
>> RC4?
>>
>> I'd like to provide a reasonable fallback to older clients that don't
>> support modern ciphers, but without jeopardizing the security of modern
>> clients that do.
>>
> Here is my incantation for Apache (I think this will work in both 2.2
> and 2.4, but I don't remember). It gets me an A+ rating on the Qualys
> SSL test:
>
> SSLEngine on
>
> SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.2
> SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:HIGH:!MEDIUM:!LOW:!SSLv2:!aNULL:!PSK:SSLv3:!3DES

That's a good selection. You might also consider !NULL, !EXP, and !SRP
-- with openssl 1.0.1f on my system, your list includes those options.
Null and export ciphers are always a bad thing.

The current recommendation from Qualys[1] is to use TLSv1/1.1/1.2 with:

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

However, that recommendation is primarily for web browsers. I have no
idea what SSL/TLS capabilities are available to HKPS-capable OpenPGP
clients, so I don't know if leaving out SSLv3 is a problem, if old
clients support PFS, or if it'd be necessary to include 3DES/RC4 as a
fallback.

Very limited (2-3 queries) testing suggests that gnupg-curl on Debian
systems supports DHE-RSA-AES256-SHA256 with TLSv1.2. Another query is
from a random user and their OpenPGP client supports TLSv1.2 and
ECDHE-RSA-AES256-GCM-SHA384; not even modern web browsers support that
yet, so I'm impressed.

> However, I have been mean about some older clients. I don't care about
> Yandex, for example, and don't know why they don't update their SSL
> capabilities.

I take a similar approach on my websites: all modern browsers support
TLSv1 or higher and DHE/ECDHE. I see no reason to support old browsers
in general, but there are a lot of legacy OpenPGP clients out there that
I don't want to shut out.

Cheers!
-Pete

P.S. I sent you a message a few days ago regarding peering but your
server is bouncing it with "450 4.3.2 Service currently unavailable".

[1] https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
_______________________________________________
Sks-devel mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/sks-devel
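
One way to check which suites a cipher string really enables, in the spirit of the !NULL / !EXP / !SRP remark in the message above. This is an added example, not part of the original thread; the function names and the sample suite list are constructed for illustration.

```python
import ssl
import sys

# Name tokens that mark suite classes the thread excludes (!NULL, !EXP, !SRP, ...).
FLAGS = {"NULL": "eNULL", "EXP": "export", "SRP": "SRP", "PSK": "PSK",
         "RC4": "RC4", "3DES": "3DES", "CBC3": "3DES", "MD5": "MD5",
         "ADH": "aNULL", "AECDH": "aNULL"}
# Key-exchange tokens that indicate an ephemeral Diffie-Hellman exchange.
EPHEMERAL = {"ECDHE", "DHE", "EDH", "ADH", "AECDH"}


def classify(name):
    """Return the set of issue labels for one OpenSSL suite name."""
    if name.startswith("TLS_"):  # TLS 1.3 naming: AEAD only, always ephemeral
        return set()
    tokens = set(name.split("-"))
    issues = {label for tok, label in FLAGS.items() if tok in tokens}
    if not tokens & EPHEMERAL:
        issues.add("not-DHE/ECDHE")
    return issues


def audit(names):
    """Map each flagged suite name to its sorted issue labels."""
    return {n: sorted(classify(n)) for n in names if classify(n)}


def expand(cipher_string):
    """Expand an OpenSSL cipher string with the locally linked OpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample of OpenSSL suite names, not output from either poster's system.
SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA256",
          "ECDHE-RSA-RC4-SHA", "ECDHE-RSA-NULL-SHA", "NULL-SHA256",
          "EXP-RC4-MD5", "SRP-DSS-AES-256-CBC-SHA", "DES-CBC3-SHA"]

if __name__ == "__main__":
    # With an argument: audit that cipher string; without: audit the sample.
    names = expand(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name in names:
        print(f"{name:32} {', '.join(sorted(classify(name))) or 'ok'}")
```

Pass a cipher string as the first argument to audit its expansion. The result reflects the OpenSSL build that Python links against, which may differ from the one the web server uses.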
