SSL, TLS & Perfect Forward Secrecy

Mentions

  • CRL
  • OCSP
  • Perfect Forward Secrecy (PFS)
  • Elliptic Curve Cryptography (ECC)

Protocols

  • HTTPS
  • SSL
  • TLS

Theory

Algorithms

  • AES128-SHA

Perfect Forward Secrecy (PFS)

  • DHE-RSA-AES128-SHA
  • ECDHE-RSA-AES128-SHA

Cipher Suites

  • ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA
    • Optional
  • ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHA
    • Required

Standards

  • RFC 6090 Fundamental Elliptic Curve Cryptography Algorithms; D. McGrew (Cisco), K. Igoe, M. Salter (NSA); 2011-02.
  • RFC 5246 The Transport Layer Security (TLS) Protocol, Version 1.2; T. Dierks (self), E. Rescorla (RTFM); 2008-08.
  • RFC 5077 Transport Layer Security (TLS) Session Resumption without Server-Side State; J. Salowey (Cisco), H. Zhou (Cisco), P. Eronen (Nokia), H. Tschofenig (Nokia Siemens); 2008-01.
  • RFC 4492 Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS); S. Blake-Wilson (SafeNet), N. Bolyard (Sun), V. Gupta (Sun), C. Hawk (Corriente), B. Moeller (Ruhr-Uni Bochum); 2006-05.
  • NIST P-256
  • NIST P-521
  • NIST P-224

Patents

Who

  • Bodo Möller, Emilia Käsper (Google), Adam Langley (Google) => 64-bit optimized versions of NIST P-224, P-256 and P-521 for OpenSSL
  • Emilia Käsper (Google)

Package Support

OpenSSL

Yet Fedora's OpenSSL build does not include ECC:

$ openssl ciphers ECDH
Error in cipher list
139915857282912:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:
$ rpm -q openssl
openssl-1.0.1e-4.fc18.x86_64
$ cat /etc/fedora-release 
Fedora release 18 (Spherical Cow)

Mozilla Network Security Services (NSS)

  • Version?

Client Support

Support for NIST P-256, P-384 and P-521

  • “Recent” versions of Firefox and Chrome (circa 2011-11) “should”
  • “Most” versions of Internet Explorer do not support them

Server Support

Apache httpd

  • httpd-2.3.3
  • ensure the order of cipher suites is respected.
    • SSLHonorCipherOrder on
  • Curve is what?
    • Specify with what?

nginx

  • nginx-1.0.6.
  • nginx-1.1.0.
  • ensure the order of cipher suites is respected.
    • ssl_prefer_server_ciphers on.
  • Curve is NIST P-256
    • Specify with ssl_ecdh_curve
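The following Python is an added example, not code from the original notes or from OpenSSL, Apache or nginx. It parses lines in the shape of `openssl ciphers -v` output, checks the two cipher-suite lists in the Cipher Suites section for forward-secret key exchange, and simulates how honoring the server's order (SSLHonorCipherOrder on / ssl_prefer_server_ciphers on) changes which suite a handshake settles on. The catalog lines and the client preference list are constructed; the Kx= conventions (Kx=ECDH and Kx=DH meaning ephemeral, a slash as in Kx=ECDH/RSA meaning a static key) are assumed from OpenSSL 1.0.x output.

```python
"""Audit OpenSSL cipher strings for forward secrecy and show why server-side
cipher ordering matters. Works offline on constructed `openssl ciphers -v` lines."""
import re

# Constructed sample in the shape of `openssl ciphers -v` output. Assumed OpenSSL 1.0.x
# convention: Kx=ECDH / Kx=DH are ephemeral (forward secret); Kx=ECDH/RSA is static.
OPENSSL_CIPHERS_V = """\
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
ECDH-RSA-AES128-SHA     TLSv1 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
"""

# The two lists from the Cipher Suites section of the notes.
OPTIONAL = "ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA"
REQUIRED = "ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHA"

_ATTR = re.compile(r"\b(Kx|Au|Enc|Mac)=(\S+)")


def parse_ciphers_v(text):
    """Map suite name -> {'version', 'Kx', 'Au', 'Enc', 'Mac'} from -v style lines."""
    catalog = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or malformed line
        entry = {"version": parts[1]}
        entry.update(dict(_ATTR.findall(line)))
        catalog[parts[0]] = entry
    return catalog


def has_forward_secrecy(entry):
    """Only ephemeral (EC)DH gives PFS; a '/' in Kx marks a static-key variant."""
    return entry.get("Kx") in ("ECDH", "DH")


def audit(cipher_string, catalog):
    """Return [(suite, pfs)] in list order; pfs is None for suites not in the catalog."""
    result = []
    for name in cipher_string.split(":"):
        entry = catalog.get(name)
        result.append((name, None if entry is None else has_forward_secrecy(entry)))
    return result


def negotiate(server_list, client_list, honor_server_order):
    """Pick the suite a handshake settles on.

    honor_server_order=True models SSLHonorCipherOrder on / ssl_prefer_server_ciphers on:
    the first server-preferred suite the client offers wins. Otherwise the client's
    first preference that the server supports wins.
    """
    server = server_list.split(":")
    client = client_list.split(":")
    first, second = (server, client) if honor_server_order else (client, server)
    for name in first:
        if name in second:
            return name
    return None


if __name__ == "__main__":
    catalog = parse_ciphers_v(OPENSSL_CIPHERS_V)
    for label, lst in (("optional", OPTIONAL), ("required", REQUIRED)):
        print(label, audit(lst, catalog))
    # Constructed client that lists the legacy, non-PFS suites first.
    client = "RC4-SHA:AES128-SHA:ECDHE-RSA-AES128-SHA"
    print("server order honored:", negotiate(OPTIONAL, client, True))
    print("client order wins:   ", negotiate(OPTIONAL, client, False))
```

Against the "Optional" list the audit flags AES128-SHA and RC4-SHA as lacking forward secrecy, while every suite in the "Required" list passes; the negotiation run shows that without server ordering a client listing RC4-SHA first gets a non-PFS suite even though the server lists ECDHE-RSA-AES128-SHA first.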

stud

  • pull/61; Adding support for ECDHE in stud

Cited & Referenced

General

Implementation

Background

Indirect

Cited in Cryptographic Key Length Recommendation


DNSCrypt from OpenDNS

DNSCrypt

Mentions

Unrelated

Promotions


NaCl : Networking and Cryptography library

  • Pronounced “salt”
  • Stands for “Networking and Cryptography Library”
  • Is in the public domain
  • Aspires to be patent clean; has not received any claims of patent infringement.

Availability

Authors’ release

Forks & Additions

Who

(main)

  • Daniel J. Bernstein (University of Illinois at Chicago)
  • Tanja Lange (Technische Universiteit Eindhoven)
  • Peter Schwabe (Academia Sinica)

Also

(alphabetical)

  • Matthew Dempsky (Google, ex-Mochi Media)
  • Niels Duif (Technische Universiteit Eindhoven)
  • Emilia Käsper (Google, ex-Katholieke Universiteit Leuven)
  • Adam Langley (Google)
  • Sean Lynch (Facebook)
  • Jan Mojzis
  • Bo-Yin Yang (Academia Sinica)

Capabilities

  • Curve25519
  • Salsa20
  • Poly1305

Programs

  • SUPERCOP => System for Unified Performance Evaluation Related to Cryptographic Operations and Primitives, an API
  • eBACS => ECRYPT Benchmarking of Cryptographic Systems
  • eSTREAM => the ECRYPT Stream Cipher Project

Mentions

  • IEEE P1363
  • NIST P-256
  • NIST “Suite B”
    • twist security
    • Montgomery representation
    • Edwards representation
  • AES
    • AES-GCM
  • Curve25519
    • Ed25519
  • Diffie-Hellman
    • ECDH
  • DNS
    • DNSCrypt
    • DNSCurve
    • DNSSEC
  • DSA
    • ECDSA
    • EdDSA
  • ElGamal
  • HMAC
  • OpenSSL
  • PKCS
    • PKCS#1
  • Poly1305
    • Poly1305-AES
  • RIPEMD
    • RIPEMD-160
  • RSA
    • RSA-1024
    • RSA-2048
    • RSA-SHA1
    • RSA-SHA256
  • Schnorr
  • TCP
    • CurveCP
  • TLS (SSL)
    • DTLS
    • GnuTLS
  • TWIRL

Promotion

Daniel J. Bernstein, Tanja Lange, Peter Schwabe; The security impact of a new cryptographic library; In Proceedings of LatinCrypt 2012; 2012-07-25; 18 pages.

Abstract

This paper introduces a new cryptographic library, NaCl, and explains how the design and implementation of the library avoid various types of cryptographic disasters suffered by previous cryptographic libraries such as OpenSSL. Specifically, this paper analyzes the security impact of the following NaCl features: no data flow from secrets to load addresses; no data flow from secrets to branch conditions; no padding oracles; centralizing randomness; avoiding unnecessary randomness; extremely high speed; and cryptographic primitives chosen conservatively in light of the cryptanalytic literature.

Usage
