On 20/11/2015 7:23 AM, "Piotr Kubaj" <pku...@riseup.net> wrote:
>
> On 11/19/2015 17:01, Janusz Dziemidowicz wrote:
> > 2015-11-19 15:45 GMT+01:00 Piotr Kubaj <pku...@riseup.net>:
> >> Now, about RSA vs ECDSA. I simply don't trust ECDSA. There are quite a
> >> lot of questions about constants used by ECDSA, which seem to be
> >> chosen quite arbitrarily by its creator, which happens to be NSA.
> >> These questions of course remain unanswered. Even respected scientists
> >> like Schneier say that RSA should be used instead (see
> >> https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929
> >
> > But ECDSA itself does not contain any constants (see
> > https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm).
> > Yes, you have to choose domain parameters and most commonly used are
> > NIST ones. But you can also use brainpool curves, which specifically
> > avoid using any arbitrary constants (see
> > http://www.ecc-brainpool.org/download/Domain-parameters.pdf) and they
> > are even defined for TLS (https://tools.ietf.org/html/rfc7027) and
> > apparently supported by latest OpenSSL. Unfortunately not by anything
> > else.
> > OK, anyway that's your preference, I'm not going to argue about ECDSA
> > or not;)
> >
> >> ). When I'm done setting my HTTP(S) services, I'll simply limit
> >> incoming connections on my firewall so DDOS'ing won't be
> >> possible, unless you DDOS my firewall :)
> >
> > I've never said anything about DDoS. In such setup there is no need
> > for distributed DoS. The CPU usage of RSA 8192 is so high that a
> > single shell script running on a single attack machine can kill any
> > server.
> > If you are willing to limit your connection rate on a firewall to a
> > few per second, then fine;)
> >
> > As for your problem. Now that it seems like SSL problem, can you just
> > try with RSA 4096 or 2048? RSA 8192 is really not much tested in most
> > code, so maybe the problem is in fact related.
> >
> Unfortunately, accessing my HTTPS services by only OpenSSL is out of the
> question. Besides, I use LibreSSL and am not sure it supports it, since
> OpenBSD people got rid of quite a lot of unnecessary code.
>
> So I can only choose ECDSA or RSA.
>
> I don't think limiting my connections is a bad idea vs choosing weaker
> RSA. As I said before, I actually expect only a few connections at once.
>
> I've generated RSA 2048 cert with:
> openssl req -x509 -newkey rsa:2048 -keyout haproxy.pem -out haproxy.pem -days 3650 -nodes
>
> That is, I didn't use any non-default options, such as SHA512.
> Unfortunately, it doesn't yield any result. I'm now considering
> switching to SSL Pass-through, and configuring HTTPS in each of my WWW
> servers, it may be much quicker considering how long I've been getting
> Haproxy to work.
>
It might be something specific to BSD OS causing issues for you since I
haven't heard of anyone complaining about ssl till now. You can also try
latest stable 1.5.15 since I can't see any 1.6 specific feature in your
config.
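
An added illustration, not written by anyone in this thread, of the CPU-cost point raised in the quoted discussion: it times the server-side RSA private-key operation (CRT form, two half-size modular exponentiations) at 2048, 4096 and 8192 bits, which is the figure to weigh against a firewall connection-rate limit. Assumptions: random odd integers stand in for the real primes and exponents (the cost of modular exponentiation depends on operand size, not primality), and the timings are CPython's, so only the ratios carry over to OpenSSL or LibreSSL.

```python
import secrets
import time


def random_odd(bits):
    """Constructed stand-in for a prime or CRT exponent: odd, top bit set."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def private_op_seconds(key_bits, reps=3):
    """Best-of-reps time for one RSA-CRT private-key operation."""
    half = key_bits // 2
    p, q, dp, dq = (random_odd(half) for _ in range(4))
    c = secrets.randbits(key_bits - 1)  # constructed "ciphertext"
    best = float("inf")
    for _ in range(reps):
        start = time.perf_counter()
        pow(c % p, dp, p)  # exponentiation modulo the first factor
        pow(c % q, dq, q)  # exponentiation modulo the second factor
        best = min(best, time.perf_counter() - start)
    return best


def compare(sizes=(2048, 4096, 8192)):
    """Per-size cost, cost relative to the smallest size, and ops/sec on one core."""
    costs = {bits: private_op_seconds(bits) for bits in sizes}
    base = costs[sizes[0]]
    return {
        bits: {
            "seconds": t,
            "relative": t / base,
            "ops_per_core_sec": 1.0 / t,
        }
        for bits, t in costs.items()
    }


if __name__ == "__main__":
    for bits, row in compare().items():
        print(f"RSA {bits}: {row['relative']:6.1f}x cost, "
              f"{row['ops_per_core_sec']:8.1f} private ops/sec/core (CPython)")
```

For figures from the TLS library itself, `openssl speed rsa2048 rsa4096` reports sign operations per second for the sizes it has built in.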
