Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PFS support #630

Merged
merged 1 commit into from
Apr 24, 2014
Merged

PFS support #630

merged 1 commit into from
Apr 24, 2014

Conversation

MartinNowak
Copy link
Contributor

  • make DH and ECDH configurable
  • choose defaults
  • select option to NOT reuse secrets

@MartinNowak MartinNowak restored the pfs branch April 21, 2014 21:27
@MartinNowak
PFS support
313ab0a 
- make DH and ECDH configurable

- choose defaults

- select option to NOT reuse secrets
@s-ludwig
Copy link
Member

Very nice, I'm going to test that in action right now! Not sure what the Travis error is caused by.

/but bah... that OpenSSL API is really one of the worst that I've ever seen. So much that you have to know and do by hand up front to get a secure system. Not even getting started with macro hell and that other stuff...

s-ludwig added a commit that referenced this pull request Apr 24, 2014
@s-ludwig
Merge pull request #630 from MartinNowak/pfs
680e417 
Implement PFS support for SSLStream.
@s-ludwig s-ludwig merged commit 680e417 into vibe-d:master Apr 24, 2014
@s-ludwig
Copy link
Member

Not sure what the Travis error is caused by.

Okay, was just an old version of the OpenSSL bindings still being picked up.

@s-ludwig
Copy link
Member

And after some quirks unrelated to this PR have been resolved (ccf7fe1, 9a6fd1a), I'm now getting TLS 1.2 with PFS enabled and pretty good scores on https://www.ssllabs.com/ssltest/. Great!

The only issues listed there are now:

  • Secure Client-Initiated Renegotiation: Supported DoS DANGER
  • Session resumption (caching): No (IDs assigned but not accepted)
  • BEAST attack: Not mitigated server-side

But PFS is chosen for any browser that supports it:

  • Forward Secrecy: Yes (with most browsers) ROBUST

@MartinNowak
Copy link
Contributor Author

We might even choose to only support EECDH and EDH, that is drop support for non-ephemeral diffie-helman, but the server will prefer the ephemeral versions already.

@MartinNowak MartinNowak deleted the pfs branch April 24, 2014 16:56
@MartinNowak
Copy link
Contributor Author

/but bah... that OpenSSL API is really one of the worst that I've ever seen.

True, but I still have my mid term memory filled from updating the headers in case you have any questions.
update to OpenSSL 1.0.1g by MartinNowak · Pull Request #16 · D-Programming-Deimos/openssl

@s-ludwig
Copy link
Member

Yeah, of all the clients tested on the ssllabs site, no client has chosen a non-ephemeral DH cipher (some older clients had to fall back to non-DH ones), so I guess it should be safe to drop them.

@s-ludwig
Copy link
Member

Actually, I've overlooked some:

  • Android 2.3.7 uses DH-RSA-AES128
  • Old BingBot uses DH-RSA-AES256

So it's probably better to just keep the non-ephemeral ones as intermediate fallbacks. But I guess the (E)DH+3DES modes could be removed. Only old clients will use 3DES and those don't support DH at all (most notably IE on Windows XP).

@MartinNowak
Copy link
Contributor Author

So it's probably better to just keep the non-ephemeral ones as intermediate fallbacks. But I guess the (E)DH+3DES modes could be removed. Only old clients will use 3DES and those don't support DH at all (most notably IE on Windows XP).

It probably doesn't matter, as we use the server preferred order. Not sure if exchanging the available ciphers has some sort of overhead though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MartinNowak @s-ludwig