SSL, TLS & Perfect Forward Secrecy

Mentions

  • CRL
  • OSCP
  • Perfect Forward Secrecy (PFS)
  • Elliptic Curve Cryptography (ECC)

Protocols

  • HTTPS
  • SSL
  • TLS

Theory

Algorithms

  • AES128-SHA

Perfect Forward Secrecy (PFS)

  • DHE-RSA-AES128-SHA
  • ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-SHA

Cipher Suites

  • ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA
    • Optional
  • ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHA
    • Required

Standards

  • RFC 6090 Fundamental Elliptic Curve Cryptography Algorithms; D. McGrew (Cisco), K. Igoe, M. Salter (NSA); 2011-02.
  • RFC 5246 The Transport Layer Security (TLS) Protocol, Version 1.2; T. Dierks (self), E. Rescoria (RTFM); 2008-08.
  • RFC 5077 Transport Layer Security (TLS) Session Resumption without Server-Side State; J. Salowey (Cisco), H. Zhou (Cisco), P. Eronen (Nokia), H. Tschofenig (Nokia Siemens); 2008-01.
  • RFC 4492 Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS); S. Blake-Wilson (SafeNet), N. Bolyard (Sun), V. Gupta (Sun), C. Hawk (Corriente), B. Moeller (Ruhr-Uni Bochum), 2006-05.
  • NIST P-256
  • NIST P-521
  • NIST P-224

Patents

Who

  • Bodo Möller, Emilia Käsper  (Google), Adam Langley (Google) => 64bit optimized versions of NIST P-224, P-256 and P-521 for OpenSSL
  • Emilia Käsper (Google)

Package Support

OpenSSL

Yet Fedora does not have ECC in OpenSSL

$ openssl ciphers ECDH
Error in cipher list
139915857282912:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:
$ rpm -q openssl
openssl-1.0.1e-4.fc18.x86_64
$ cat /etc/fedora-release 
Fedora release 18 (Spherical Cow)

Mozilla Network Security Services (NSS)

  • Version?

Client Support

Support for NIST P-256, P-384 and P-521

  • “Recent” versions of Firefox and Chrome (circa 2011-11) “should”
  • “Most” versions, Internet Explorer do not support

Server Support

Apache httpd

  • httpd-2.3.3
  • ensure the order of cipher suites is respected.
    • SSLHonorCipherOrder on
  • Curve is what?
    • Specify with what?

nginx

  • nginx-1.0.6.
  • nginx-1.1.0.
  • ensure the order of cipher suites is respected.
    • ssl_prefer_server_ciphers on.
  • Curve is NIST P-256
    • Specify with ssl_ecdh_curve

stud

  • pull/61; Adding support for ECDHE in stud

Cited & Referenced

General

Implementation

Background

Indirect

Cited in Cryptographic Key Length Recommendation

Via & transitively via: backfill, backfill. backfill