[146947] in cryptography@c2.net mail archive
Re: [Cryptography] What TLS ciphersuites are still OK?
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Sep 10 10:19:49 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <545EBEFF-F662-4D3F-BFB3-FE338A38047A@mac.com>
Date: Tue, 10 Sep 2013 14:03:32 +0100
From: Ben Laurie <ben@links.org>
To: james hughes <hughejp@mac.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
Stephen Farrell <stephen.farrell@cs.tcd.ie>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============0236676790427437163==
Content-Type: multipart/alternative; boundary=047d7b6da17ec5365c04e607215d
--047d7b6da17ec5365c04e607215d
Content-Type: text/plain; charset=ISO-8859-1
On 10 September 2013 03:59, james hughes <hughejp@mac.com> wrote:
>
> On Sep 9, 2013, at 2:49 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
>
> On 09/09/2013 05:29 PM, Ben Laurie wrote:
>
> Perry asked me to summarise the status of TLS a while back ... luckily I
> don't have to because someone else has:
>
> http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
>
> In short, I agree with that draft. And the brief summary is: there's only
> one ciphersuite left that's good, and unfortunately its only available in
> TLS 1.2:
>
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>
> I retract my previous "+1" for this ciphersuite. This is hard coded 1024
> DHE and 1024bit RSA.
>
It is not hard coded to 1024 bit RSA. I have seen claims that some
platforms hard code DHE to 1024 bits, but I have not investigated these
claims. If true, something should probably be done.
--047d7b6da17ec5365c04e607215d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On 10 September 2013 03:59, james hughes <span dir=3D"ltr"><<a h=
ref=3D"mailto:hughejp@mac.com" target=3D"_blank">hughejp@mac.com</a>></s=
pan> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-word"><div cla=
ss=3D"im"><br><div><div>On Sep 9, 2013, at 2:49 PM, Stephen Farrell <<a =
href=3D"mailto:stephen.farrell@cs.tcd.ie" target=3D"_blank">stephen.farrell=
@cs.tcd.ie</a>> wrote:</div>
<br><blockquote type=3D"cite">On 09/09/2013 05:29 PM, Ben Laurie wrote:<br>=
<blockquote type=3D"cite">Perry asked me to summarise the status of TLS a w=
hile back ... luckily I<br>don't have to because someone else has:<br><=
br>
<a href=3D"http://tools.ietf.org/html/draft-sheffer-tls-bcp-00" target=3D"_=
blank">http://tools.ietf.org/html/draft-sheffer-tls-bcp-00</a><br><br>In sh=
ort, I agree with that draft. And the brief summary is: there's only<br=
>
one ciphersuite left that's good, and unfortunately its only available =
in<br>TLS 1.2:<br><br>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</blockquote></blo=
ckquote></div></div><div>I retract my previous "+1" for this=A0ci=
phersuite. This is=A0hard coded 1024 DHE and 1024bit RSA.=A0</div>
</div></blockquote><div><br></div><div>It is not hard coded to 1024 bit RSA=
. I have seen claims that some platforms hard code DHE to 1024 bits, but I =
have not investigated these claims. If true, something should probably be d=
one.</div>
<div><br></div><div><br></div></div></div></div>
--047d7b6da17ec5365c04e607215d--
--===============0236676790427437163==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============0236676790427437163==--
