On Wed, Dec 30, 2020 at 02:09:46AM +0100, Klemens Nanni wrote: > On Wed, Dec 30, 2020 at 02:02:44AM +0100, Klemens Nanni wrote: > > default (alias for "secure") > > legacy (alias for "all") > without double quotes > First time poster, so, Hi!
Been browsing around this TLS topic, cipphers, standards, and options and would like to comment. With MSMTP I have provided a gnutls priority string that gives me ecdsa-secp256r1-sha SSL certificate option, rather than the "recommended for desktop" 2048 bits RSA. For most other thing, without application support to configure this for openssl, you end up with assumed 112 bit strengt RSA instead of assumed 128 bits NIST P-256 Curve. Or maybe I am wrong and missing some insight into openssl and libressl internals and how to check and confirm. With gnutls-cli, it seem that ECDSA certificates get chosen if it is TLS 1.3, and if it is TLS 1.2 it picks RSA. And without double checking, it looks like openssl chooses the latter in both protocols, where in TLS 1.2 one doesn't even seem to be guaranteed that the connection even uses the same signing algorithm as they certificate, let alone actually using or authenticating with the certificate to validate. Which is more interesting than how it can be somewhat difficult to get "recommended" ciphers from both standards with support in both. Irrespective of ciphers involved, is TLS 1.2 "secure" -- pun intended; and the symolic -- freudian-slip -- perhaps not an error needing correction. Given that "secure" and default both gives TLS 1.2 and higher, where there are two ways to guess incorrectly; whether its strength or technicalities involved, or correctly thereof. As a side note, how Debian provides a openssl.cnf to change default SECLEVEL doesn't seem to be in libressl, if at all possible, not documented sufficiently for clowns like me who like Curves, and it seems to be in the times to move away from RSA as the keys are getting bulky.
