[openssl-users] stunnel 5.46 released
Viktor Dukhovni
openssl-users at dukhovni.org
Thu May 31 04:15:24 UTC 2018
> On May 31, 2018, at 12:09 AM, Michal Trojnara <Michal.Trojnara at stunnel.org> wrote:
>
> I respectfully disagree. The only practical disadvantage of kRSA is
> that it doesn't provide PFS. Losing PFS is bad, but it's not a huge
> price for ensuring secure key exchange.
There's an assumption here that DHE key exchange is not secure,
while ECDHE is secure. That assumption is wrong. Only export
grade DHE was shown weak in logjam. OpenSSL no longer accepts
weak DHE keys. There are also weak ECDSA curves that old
implementations would accept, there nothing fundamentally
better (performance aside) about ECDHE vs. DHE. Indeed
some trust DHE more because the keys are larger and perhaps
more resistant to QC, and the mathematics is better understood
(less bleeding edge than elliptic curves).
I expect there are still plenty of LTS RedHat systems that
ship without EC support, though yes anything reasonably
up to date, will have EC support.
Ultimately of course up to you and your users, I think I've
made my case as well as I could. Good luck.
--
Viktor.
More information about the openssl-users
mailing list