Re: [RFC] Improved TLS Defaults
> I haven't read the RFC carefully yet, but it's great proposal!
Thanks!
> You probably reviewed this page already.
> https://wiki.mozilla.org/Security/Server_Side_TLS
>
Yes I have! The cipher list proposed in the RFC was gathered from disparate
research sources that did not include the Mozilla site. However you'll see
that the excluded ciphers in the RFC actually match up directly with those
in Mozilla's "Mandatory discards" section.
Is your recommendation from OpenSSL project or else?
> I couldn't find a page with quick search.
>
This is not surprising: the OpenSSL documentation is fairly outdated in
most areas. However, I've made an effort to provide references for my
reasoning with regard to the individual ciphers listed in the RFC. In
response to your question, I've added more links (including references to
the relevant Mozilla project page) and updated some of the relevant
information in the RFC text. These changes are marked in the revision
history at the top of the wiki page and I've incremented the RFC's version
number from v0.1 to v0.2 to reflect the updates.
@STRENGTH orders cipher as mozilla recommend? It seems this option is for
> this and/or similar purpose.
>
The @STRENGTH element simply allows us to prefer algorithms with longer key
lengths (e.g.256-bit ciphers preferred to 168-bit preferred to 128-bit).
Because TLS clients will negotiate the cipher according to their preference
order it's sensible to add this annotation. The exception to this rule is
when a server specifies the "Honor Cipher Order" option (also proposed for
addition as part of the RFC). For these cases the @STRENGTH specification
still applies because as servers we still should prefer stronger ciphers by
default.
Thread (7 messages)