On 06.09.2013 18:20, Peter Saint-Andre wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On 9/6/13 8:36 AM, Perry E. Metzger wrote:
One solution, preventing passive attacks, is for major
browsers and websites to switch to using PFS ciphersuites (i.e.
those based on ephemeral Diffie-Hellmann key exchange).
It occurred to me yesterday that this seems like something all
major service providers should be doing. I'm sure that some voices
will say additional delay harms user experience. Such voices should
be ruthlessly ignored.
In practice, how do we make that happen? On the XMPP network we're
pushing to make sure that all client-to-server and server-to-server
hops are encrypted (yes, I know, per-hop encryption is not enough, we
need end-to-end encryption too). Is there a handy list of PFS-friendly
ciphersuites that I can communicate to XMPP developers and admins so
they can start upgrading their software and deployments?
yet, one can find this sort of thing in 3rd position when searching
"nginx crypto" :
The developers of Nginx have recently changed the default SSL ciphers to
include the very strong Diffie-Hellman Ephemeral (DHE) cipher. DHE is
used to provide perfect forward secrecy in TLS.
Further reading on Ephermal Diffie-Hellman, PFS and TLS at Wikipedia.org
While I applaud this move on the part of the Nginx dev team there is a
tradeoff and that is slower performance. DHE provides stronger
encryption which in turn requires more computation but here’s where it
gets interesting. To meet today’s PCI DSS crypto standards DHE is not
required. Like many things in life there’s a balance to be struck
between the risk of compromised encryption and the additional expense or
rather the relative loss of connections per second. I’m not a lawyer nor
should this be considered legal advice but I prefer things that go fast
while meeting the necessary PCI compliance criteria.
In order to disable DHE in the server context of the Nginx configuration
add the following line:
The cryptography mailing list