[146944] in cryptography@c2.net mail archive
Re: [Cryptography] What TLS ciphersuites are still OK?
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Sep 10 10:17:28 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <522E4259.9030203@cs.tcd.ie>
Date: Tue, 10 Sep 2013 14:01:17 +0100
From: Ben Laurie <ben@links.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============2221209758939794833==
Content-Type: multipart/alternative; boundary=001a1133b8fcb6f2ba04e60719c7
--001a1133b8fcb6f2ba04e60719c7
Content-Type: text/plain; charset=ISO-8859-1
On 9 September 2013 22:49, Stephen Farrell <stephen.farrell@cs.tcd.ie>wrote:
>
> Hi Ben,
>
> On 09/09/2013 05:29 PM, Ben Laurie wrote:
> > Perry asked me to summarise the status of TLS a while back ... luckily I
> > don't have to because someone else has:
> >
> > http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
> >
> > In short, I agree with that draft. And the brief summary is: there's only
> > one ciphersuite left that's good, and unfortunately its only available in
> > TLS 1.2:
> >
> > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>
> I don't agree the draft says that at all. It recommends using
> the above ciphersuite. (Which seems like a good recommendation
> to me.) It does not say anything much, good or bad, about any
> other ciphersuite.
>
> Claiming that all the rest are no good also seems overblown, if
> that's what you meant.
>
Other than minor variations on the above, all the other ciphersuites have
problems - known attacks, unreviewed ciphers, etc.
If you think there are other ciphersuites that can be recommended -
particularly ones that are available on versions of TLS other than 1.2,
then please do name them.
--001a1133b8fcb6f2ba04e60719c7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On 9 September 2013 22:49, Stephen Farrell <span dir=3D"ltr"><<a=
href=3D"mailto:stephen.farrell@cs.tcd.ie" target=3D"_blank">stephen.farrel=
l@cs.tcd.ie</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><br>
Hi Ben,<br>
<div><div class=3D"h5"><br>
On 09/09/2013 05:29 PM, Ben Laurie wrote:<br>
> Perry asked me to summarise the status of TLS a while back ... luckily=
I<br>
> don't have to because someone else has:<br>
><br>
> <a href=3D"http://tools.ietf.org/html/draft-sheffer-tls-bcp-00" target=
=3D"_blank">http://tools.ietf.org/html/draft-sheffer-tls-bcp-00</a><br>
><br>
> In short, I agree with that draft. And the brief summary is: there'=
;s only<br>
> one ciphersuite left that's good, and unfortunately its only avail=
able in<br>
> TLS 1.2:<br>
><br>
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256<br>
<br>
</div></div>I don't agree the draft says that at all. It recommends usi=
ng<br>
the above ciphersuite. (Which seems like a good recommendation<br>
to me.) It does not say anything much, good or bad, about any<br>
other ciphersuite.<br>
<br>
Claiming that all the rest are no good also seems overblown, if<br>
that's what you meant.<br></blockquote><div><br></div><div>Other than m=
inor variations on the above, all the other ciphersuites have problems - kn=
own attacks, unreviewed ciphers, etc.</div><div><br></div><div>If you think=
there are other ciphersuites that can be recommended - particularly ones t=
hat are available on versions of TLS other than 1.2, then please do name th=
em.</div>
<div><br></div></div></div></div>
--001a1133b8fcb6f2ba04e60719c7--
--===============2221209758939794833==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============2221209758939794833==--