[Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption)
Raphaël Jacquot
sxpert at sxpert.org
Fri Sep 6 12:52:46 EDT 2013
On 06.09.2013 18:20, Peter Saint-Andre wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 9/6/13 8:36 AM, Perry E. Metzger wrote:
>>>> One solution, preventing passive attacks, is for major
>>>> browsers and websites to switch to using PFS ciphersuites (i.e.
>>>> those based on ephemeral Diffie-Hellmann key exchange).
>>
>> It occurred to me yesterday that this seems like something all
>> major service providers should be doing. I'm sure that some voices
>> will say additional delay harms user experience. Such voices should
>> be ruthlessly ignored.
>
> +1
>
> In practice, how do we make that happen? On the XMPP network we're
> pushing to make sure that all client-to-server and server-to-server
> hops are encrypted (yes, I know, per-hop encryption is not enough, we
> need end-to-end encryption too). Is there a handy list of PFS-friendly
> ciphersuites that I can communicate to XMPP developers and admins so
> they can start upgrading their software and deployments?
>
> Thanks!
>
> Peter
>
yet, one can find this sort of thing in 3rd position when searching
"nginx crypto" :
http://www.hybridforge.com/blog/nginx-ssl-ciphers-and-pci-compliance
quote :
The developers of Nginx have recently changed the default SSL ciphers to
include the very strong Diffie-Hellman Ephemeral (DHE) cipher. DHE is
used to provide perfect forward secrecy in TLS.
Further reading on Ephermal Diffie-Hellman, PFS and TLS at Wikipedia.org
While I applaud this move on the part of the Nginx dev team there is a
tradeoff and that is slower performance. DHE provides stronger
encryption which in turn requires more computation but here’s where it
gets interesting. To meet today’s PCI DSS crypto standards DHE is not
required. Like many things in life there’s a balance to be struck
between the risk of compromised encryption and the additional expense or
rather the relative loss of connections per second. I’m not a lawyer nor
should this be considered legal advice but I prefer things that go fast
while meeting the necessary PCI compliance criteria.
In order to disable DHE in the server context of the Nginx configuration
add the following line:
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
More information about the cryptography
mailing list