On Sat, Dec 14, 2013 at 06:28:54PM -0800, Brian Smith wrote: > > - Only 2048 bit public, 128 bit symmetric, 256 bit elliptic, or > > better. > > > > Approximately 1.5% of Fx26 full handshakes that use RSA certs use keys > smaller than 2048 bits. So, enforcing the 2048 bit limit is not going to be > a simple thing to do for a while, even though we want to do it soon.
SSL-pulse stats for 1024 bit keys (the rest is 2048 or 4096) - june: 5.4% (-0.7%) - july: 4.7% (-0.7%) - august: 4.1% (-0.6%) - september: 3.3% (-0.8%) - october: 2.2% (-1.1%) - november: 1.7% (-0.5%) - december: 1.3% (-0.4%) If it continues at this rate, that would mean in about 2 months we should reach 0%, but it's probably going to take a little longer. > We can > enforce the 256 bit limit on ECC now though, because literally everybody > seems to be using the P-256 curve. (This actually makes me wonder if the > P-384 support even works, since not a single handshake in Firefox 26 used > it.) We only have 256 bit or higher. Openssl at least supports some 160 bit versions, but I see no good reason to add support for those. But I currently don't see why they don't get selected. I'm not sure if this has to do with SHA-384 not being available, but I doubt it. Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
