On Sun, Apr 20, 2014 at 10:32 AM, Steve Holdoway <[email protected]> wrote:

> I get A+ on my own webmail interface, but then I pretty much know what
> devices are talking to it. That uses
>
> ssl_ciphers TLS_ECDHE_RSA_WITH_RC4_128_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS;

The Applied Crypto Hardening Project, https://bettercrypto.org/static/applied-crypto-hardening.pdf, has a much smaller set of options for the best current choices; rather than just trust whatever Qualys have put together, have a look at the reasons.

If you don't need to support the general public, or you choose to not support insecure clients for a given service, run the TLS1.2-only, PFS version of their setup - only two ciphers :-

EDH+aRSA+AES256:EECDH+aRSA+AES256:!SSLv3

If you think that you need to support browser versions that are unsupported by their own authors then I'd consider offering graduated services - if you connect with weak ciphers, use OTP instead of just a password, for example.

> To be honest, I reckon that you're being pretty paranoid ( even if it is in
> the SysAdmin jobspec ) by tuning SSL at all, although I do make all these
> newfangled elliptical ciphers available, and try to use the less
> computationally complex options. Can't remember what not using RC4
> disables, but that also seems to be a logical step as it's been pretty well
> discredited. SSL2 is in the same boat.

Why tune the options? Because the software you get doesn't even vaguely attempt to run "secure by default", and if you're using the default settings there's no point in using the protocol; you or your clients are not protected by crypto that is known to be broken.

> One question does intrigue me though... with all this grief about the
> difficulty in revoking certs, is it really necessary if you're just binning
> it??

If someone has an old stolen copy of your keys, they can spoof you perfectly (granted, spoofing you in the first place isn't that easy). If you have revoked the cert, some of the victim clients will get a warning. If you don't feel that scenario applies to you and your use cases, don't bother to revoke.

However, there has been a lot of attack traffic from the usual locations seen after the vulnerability was made public -- I don't know anyone who has reported on a dataset from before the public publication. We know that the Cloudflare challenge website had its keys taken more than once.

-jim
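A practical way to see what a cipher string such as the bettercrypto one above actually enables is to let the library expand it and then grep the result for the families Steve's list excludes (ADH, AECDH, MD5, DSS) plus the RC4 and 3DES suites the thread calls discredited. This is an added example, not code from either post or from the bettercrypto project; it assumes the openssl CLI is on PATH, and the function names and WEAK_PATTERN are my own (exact suite names and availability vary by OpenSSL version).

```shell
#!/bin/sh
# Added example (not from the list post): expand an OpenSSL-style cipher
# string the way the server library does and flag suite families the thread
# treats as discredited or excluded (RC4, MD5, DSS, anonymous DH/ECDH, 3DES).
# Assumption: the openssl CLI is installed; suite names vary by version.

# The TLS1.2-only, PFS string quoted in the thread, and the library's full
# suite list (including anonymous ones) as a constructed negative case.
BETTERCRYPTO='EDH+aRSA+AES256:EECDH+aRSA+AES256:!SSLv3'
EVERYTHING='ALL:COMPLEMENTOFALL'

# Families to reject, matched against OpenSSL suite names (e.g. ADH-AES256-SHA).
WEAK_PATTERN='RC4|MD5|DSS|^A(EC)?DH|3DES|DES-CBC3'

# Print the suites a cipher string expands to, one per line.
# Returns non-zero if openssl rejects the string.
expand_ciphers() {
    list=$(openssl ciphers "$1") || return 1
    printf '%s\n' "$list" | tr ':' '\n'
}

# Number of suites a string enables (0 if openssl rejects it).
count_ciphers() {
    expand_ciphers "$1" | grep -c . || true
}

# Return 0 if no expanded suite matches WEAK_PATTERN; otherwise print the
# offenders on stderr and return 1.
check_cipher_string() {
    list=$(expand_ciphers "$1") || return 1
    weak=$(printf '%s\n' "$list" | grep -E "$WEAK_PATTERN" || true)
    if [ -n "$weak" ]; then
        printf 'weak suites enabled by %s:\n%s\n' "$1" "$weak" >&2
        return 1
    fi
    return 0
}

# Stand-alone run: show what the recommended string enables and confirm it
# contains nothing from the rejected families, then show the negative case.
main() {
    echo "$BETTERCRYPTO enables $(count_ciphers "$BETTERCRYPTO") suite(s):"
    expand_ciphers "$BETTERCRYPTO"
    check_cipher_string "$BETTERCRYPTO" && echo "no rejected families present"
    check_cipher_string "$EVERYTHING" || echo "(ALL:COMPLEMENTOFALL fails, as expected)"
}
command -v openssl >/dev/null 2>&1 && main || echo "openssl not found" >&2
```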
_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
