I have a proof of concept in my local environment for the EC stuff and it appears to be working. I need to clean it up and do a patch. Probably a couple days.
Joe From: Root Kev [mailto:[email protected]] Sent: Friday, September 13, 2013 2:18 PM To: [email protected] Subject: Re: [Pound Mailing List] Perfect Forward Secrecy SSL Setup Hi, After updating OpenSSL to the "e" version and adding the ciphers that have been mentioned we see at SSLLabs that we now have DHE FS for most browsers, EXCEPT for all internet explorer browsers. Any ideas as to if/when pound will support EC ciphers? Or how to get support for FS in IE browsers? Thanks again, Kevin On Fri, Sep 13, 2013 at 6:06 AM, Conor McCarthy <[email protected]<mailto:[email protected]>> wrote: On 12 September 2013 19:03, Joe Gooch <[email protected]<mailto:[email protected]>> wrote: Addendum to that is you can get PFS in most browsers even without elliptic keys. SSL Labs shows this. (pretty much everything but IE) Yes, the "kx=DH" set of ciphers do plain (non-EC) DH key exchange, which gets you PFS too. There are shorthands for the ciphersuite like "kDH" and "kECDH" which are useful to (de-)select them, e.g.: AES+kEDH:AESGCM+kEDH The article is largely concerned with the latest and greatest ciphers and protocols, but it includes "EDH+aRSA" too, as does your set. For PFS it's the "Kx" that matters, with (presumably) an RSA key, none of the non "Au=RSA" EC options will be selected. "openssl s_server" is invaluable for testing browser behaviour and support: openssl s_server -www -cert myserver.crt -key myserver.key optionally adding options like -tls_1 or -no_ecdhe. Connect to port 4433 and you (should) see a status page. C. Joe From: Joe Gooch [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, September 12, 2013 1:59 PM To: '[email protected]<mailto:[email protected]>' Subject: RE: [Pound Mailing List] Perfect Forward Secrecy SSL Setup You need OpenSSL 1.0.1d or newer. 1.0.1e was released Feb-2013. (mentioned in the article Connor provided) When I test with SSLLabs with 2.6 PCI+DSS it works… However do note that Pound does not set ephemeral ECDH keys, which means all the elliptical cipher suites are out of play. I’m not up on this enough at this point to know the best way to fix it. Joe From: Root Kev [mailto:[email protected]] Sent: Thursday, September 12, 2013 1:48 PM To: [email protected]<mailto:[email protected]> Subject: Re: [Pound Mailing List] Perfect Forward Secrecy SSL Setup Hi, Thanks for replying, we have set the ciphers that are used in the site that you sent, with the latest openssl (OpenSSL 1.0.1 14 Mar 2012), and are already running the version of pound (PCI-DSS patch) to deal with the BEAST exploits. No matter what we seem to do, the browsers always seem to only use the cipher with no forward secrecy... Config example: ListenHTTPS Address 123.456.789.98<tel:123.456.789.98> Port 443 Cert "/usr/local/etc/certs/wildcard.URL.net.pem" Ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" Client 60 xHTTP 4 SSLHonorCipherOrder 1 Any pointers would be appreciated, Kevin On Thu, Sep 12, 2013 at 11:47 AM, Conor McCarthy <[email protected]<mailto:[email protected]>> wrote: This isn't a Pound specific solution, it covers Apache/OpenSSL, but the same considerations and SSLCipherSuite should apply so hopefully its helps: http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html You *will* need a recent-ish OpenSSL, and you *might* need to run one of the patched Pound versions (e.g. the PCI-DSS version). C. On 12 September 2013 16:24, Root Kev <[email protected]<mailto:[email protected]>> wrote: Hello All, We are having an issue getting forward secrecy working correctly with our pound setup. Can anyone give us an example of a working configuration and/or the ciphers that should be used (or even if the current stable version of pound supports it?). Thanks! Kevin
