On 12 September 2013 19:03, Joe Gooch <[email protected]> wrote:
> Addendum to that is you can get PFS in most browsers even without elliptic
> keys. SSL Labs shows this. (pretty much everything but IE)****
>
>
Yes, the "kx=DH" set of ciphers do plain (non-EC) DH key exchange, which
gets
you PFS too. There are shorthands for the ciphersuite like "kDH" and
"kECDH"
which are useful to (de-)select them, e.g.:
AES+kEDH:AESGCM+kEDH
The article is largely concerned with the latest and greatest ciphers and
protocols,
but it includes "EDH+aRSA" too, as does your set.
For PFS it's the "Kx" that matters, with (presumably) an RSA key, none of
the
non "Au=RSA" EC options will be selected.
"openssl s_server" is invaluable for testing browser behaviour and support:
openssl s_server -www -cert myserver.crt -key myserver.key
optionally adding options like -tls_1 or -no_ecdhe. Connect to port 4433 and
you (should) see a status page.
C.
>
>
> Joe****
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Joe Gooch [mailto:[email protected]]
> *Sent:* Thursday, September 12, 2013 1:59 PM
> *To:* '[email protected]'
> *Subject:* RE: [Pound Mailing List] Perfect Forward Secrecy SSL Setup****
>
> ** **
>
> You need OpenSSL 1.0.1d or newer. 1.0.1e was released Feb-2013.
> (mentioned in the article Connor provided)****
>
> ** **
>
> When I test with SSLLabs with 2.6 PCI+DSS it works… However do note that
> Pound does not set ephemeral ECDH keys, which means all the elliptical
> cipher suites are out of play. I’m not up on this enough at this point to
> know the best way to fix it.****
>
> ** **
>
> Joe****
>
> ** **
>
> *From:* Root Kev [mailto:[email protected] <[email protected]>]
> *Sent:* Thursday, September 12, 2013 1:48 PM
> *To:* [email protected]
> *Subject:* Re: [Pound Mailing List] Perfect Forward Secrecy SSL Setup****
>
> ** **
>
> Hi,****
>
> ** **
>
> Thanks for replying, we have set the ciphers that are used in the site
> that you sent, with the latest openssl (OpenSSL 1.0.1 14 Mar 2012), and are
> already running the version of pound (PCI-DSS patch) to deal with the BEAST
> exploits. No matter what we seem to do, the browsers always seem to only
> use the cipher with no forward secrecy...****
>
> ** **
>
> Config example:****
>
> ** **
>
> ListenHTTPS****
>
> Address 123.456.789.98****
>
> Port 443****
>
> Cert "/usr/local/etc/certs/wildcard.URL.net.pem"****
>
> Ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
> EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
> EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"****
>
> ** **
>
> Client 60****
>
> xHTTP 4****
>
> ** **
>
> SSLHonorCipherOrder 1****
>
> ** **
>
> ** **
>
> Any pointers would be appreciated,****
>
> ** **
>
> Kevin****
>
> ** **
>
> On Thu, Sep 12, 2013 at 11:47 AM, Conor McCarthy <[email protected]>
> wrote:****
>
> This isn't a Pound specific solution, it covers Apache/OpenSSL, but the
> same considerations and SSLCipherSuite should apply so hopefully its helps:
>
>
> http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
> ****
>
> You *will* need a recent-ish OpenSSL, and you *might* need to run one of
> the patched
> Pound versions (e.g. the PCI-DSS version).****
>
> C.****
>
> ** **
>
> ** **
>
> On 12 September 2013 16:24, Root Kev <[email protected]> wrote:****
>
> Hello All,****
>
> ** **
>
> We are having an issue getting forward secrecy working correctly with our
> pound setup. Can anyone give us an example of a working configuration
> and/or the ciphers that should be used (or even if the current stable
> version of pound supports it?).****
>
> ** **
>
> Thanks!****
>
> ** **
>
> Kevin****
>
> ** **
>
> ** **
>
