Read ‘em and weep: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?_r=0
My take is that most places don’t enable PFS (because it’s “hard”) in IPSec. In theory, Transport Layer Security (TLS) can choose appropriate ciphers since SSLv3, but in everyday practice many implementations have refused to offer PFS or only provide it with very low encryption grade. http://www.ietf.org/mail-archive/web/tls/current/msg02134.html I don’t know the situation on pfSense (I’ve not gone to look, as I’m elbows deep in an IPv6 IPsec issue atm.) In theory, OpenSSL supports perfect forward secrecy using elliptic curve Diffie–Hellman since version 1.0. Do we set "enable-ec_nistp_64_gcc_128” on pfSense? Do we enable the DHE-RSA-AES128-SHA cipher suite? How about ECDHE-RSA-AES128-SHA? Do we build the 64-bit optimized version for 64-bit images? http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html Anyway, the ‘evidence’ is that there is some fundamental weakness in DH, since the NSA itself recommends EC crypto rather than DH in their “Suite B” offering. http://www.nsa.gov/ia/programs/suiteb_cryptography/ One would think that pfSense would follow suit. _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list