Re: H2 compatible ciphers

2015-10-17 Thread Reindl Harald
Am 17.10.2015 um 11:18 schrieb Kaspar Brand: Another - quite radical - approach would consist of using a whitelist, which consists of a single cipher suite only: given that section 9.2 of RFC 7540 states "Implementations of HTTP/2 MUST use TLS version 1.2" and section 9.2.2 further says

Re: H2 compatible ciphers

2015-10-17 Thread Kaspar Brand
On 16.10.2015 12:45, Stefan Eissing wrote: > If the blacklist in RFC 7540 proves to be totally bogus, I'd favor > ditching it in our server checks. Sharing Yann's surprise about this huge blacklist... I'm also wondering if this won't become a Sisyphean task, in the end (will the httpwg regularly

Re: H2 compatible ciphers

2015-10-17 Thread Stefan Eissing
Yes, I think whatever improvements we make, they need to be open for admin overrides. OTOH the majority of the deployments will want to have sth like modern/intermediate/old and get whatever that exactly means delivered by us as regular updates in releases (or via their distros). Especially

H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Yann Ylavic
On Wed, Oct 14, 2015 at 2:10 PM, wrote: > Author: icing > Date: Wed Oct 14 12:10:11 2015 > New Revision: 1708593 > > URL: http://svn.apache.org/viewvc?rev=1708593=rev > Log: > mod_http2: new directive H2Compliance on/off, checking TLS protocol and > cipher against RFC7540 > []

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Stefan Eissing
I am not blacklisting ciphers for the whole server. I try to define the security settings required for HTTP/2 as defined in the standard - as a configurable directive. There is no problem with denying HTTP/2 support for an IE8. //Stefan > Am 16.10.2015 um 12:53 schrieb Chris

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Chris
The blacklist does look too radical to me as well. My server was configured with some in that list. Also it can place a server admin in a tough position e.g. what if they want to support IE8, or maybe android2 which doesn thave tls 1.2 stuff, but also support h2, they would be forced to choose

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Stefan Eissing
Hi Yann, I am not a cipher expert enough to know why the list in RFC 7540 was compiled this way... :( But indeed, there is a good sized overlap. And that does not make sense. I have sent a mail to the httpwg mailing list, asking for enlightment. If the blacklist in RFC 7540 proves to be

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Yann Ylavic
On Fri, Oct 16, 2015 at 1:38 PM, Yann Ylavic wrote: > > Actually I tried some brute bash script (attached) to show what > remains compared to "openssl ciphers ALL", and the result is: > > * libressl/install/2.2.1/bin/openssl: > - ECDHE-ECDSA-CHACHA20-POLY1305 > -

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Graham Leggett
On 16 Oct 2015, at 12:56 PM, Stefan Eissing wrote: > I am not blacklisting ciphers for the whole server. I try to define > the security settings required for HTTP/2 as defined in the standard - > as a configurable directive. > > There is no problem with denying

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Stefan Eissing
Yes, I proposed something along those lines at the http workshop this summer. Needs some more pushing, it seems. There is one thing that I understood to be implied by all this: that h2 is not negotiated when the security is too weak. Which, the more I think and implemented about it, does not

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Yann Ylavic
On Fri, Oct 16, 2015 at 12:21 PM, Yann Ylavic wrote: > > And maybe more importantly, what remains currently? Actually I tried some brute bash script (attached) to show what remains compared to "openssl ciphers ALL", and the result is: * libressl/install/2.2.1/bin/openssl:

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Yann Ylavic
On Fri, Oct 16, 2015 at 1:38 PM, Yann Ylavic wrote: > > Actually I tried some brute bash script (attached) Really attached now... http2_vs_openssl.sh Description: Bourne shell script

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Yann Ylavic
On Fri, Oct 16, 2015 at 2:33 PM, Yann Ylavic wrote: > On Fri, Oct 16, 2015 at 1:38 PM, Yann Ylavic wrote: >> >> Actually I tried some brute bash script (attached) to show what >> remains compared to "openssl ciphers ALL", and the result is: >> >> *

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Chris
interesting that chrome is happily using h2 on my domain that I activated for h2 earlier and I have a couple of banned ciphers in mod_ssl. On 16 October 2015 at 13:33, Yann Ylavic wrote: > On Fri, Oct 16, 2015 at 1:38 PM, Yann Ylavic wrote: >> >>

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Eric Covener
On Fri, Oct 16, 2015 at 9:28 AM, Chris wrote: > interesting that chrome is happily using h2 on my domain that I > activated for h2 earlier and I have a couple of banned ciphers in > mod_ssl. unbanned ones listed earlier, or no SSLHonorCipherOrder?

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Chris
sslhonorcipherorder is definitely set. I will check again to see if is in the unbanned ones. On 16 October 2015 at 14:37, Eric Covener wrote: > On Fri, Oct 16, 2015 at 9:28 AM, Chris wrote: >> interesting that chrome is happily using h2 on my domain that

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Chris
here is ciphers as listed by ssllabs scanning a site on the server. (in the order set) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Chris
here is my cipher list used in mod_ssl SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDH+AES128:ECDHE-RSA-AES256-GCM-SHA384:ECDH+AES256:ECDH+3DES:CHACHA20+POLY1305:DHE-RSA-AES128-SHA:RSA+3DES:!aNULL:!MD5 note tho poly1305 doesnt work so ignore that one. On 16 October 2015 at 14:37, Eric Covener

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Yann Ylavic
Some of them are not banned, so I don't see why Chrome should complain. Is the selected cipher a banned one? On Fri, Oct 16, 2015 at 4:29 PM, Chris wrote: > here is my cipher list used in mod_ssl > > SSLCipherSuite >

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Yann Ylavic
Yes, the browser won't see the whole list, only the selected one. On Fri, Oct 16, 2015 at 4:33 PM, Chris wrote: > ahh so only one needs to be unbanned for it to work? > > the selected cipher isnt banned no. > > On 16 October 2015 at 15:32, Yann Ylavic

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Chris
ahh so only one needs to be unbanned for it to work? the selected cipher isnt banned no. On 16 October 2015 at 15:32, Yann Ylavic wrote: > Some of them are not banned, so I don't see why Chrome should complain. > Is the selected cipher a banned one? > > On Fri, Oct 16,

Re: H2 compatible ciphers (was: svn commit: r1708593)

2015-10-16 Thread Chris
good to know thanks :) Thats why I was told off for suggesting supporting ie8 and http2 at the same time was not possible then :) On 16 October 2015 at 15:35, Yann Ylavic wrote: > Yes, the browser won't see the whole list, only the selected one. > > On Fri, Oct 16, 2015 at