[openssl-users] Lattice Ciphers
colony.three at protonmail.ch
Mon Dec 18 16:47:14 UTC 2017
> - FF [claims it does DHE/EDH](https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.mozilla.org_Security_Server-5FSide-5FTLS-23Intermediate-5Fcompatibility-5F.28default.29&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=XJoX203uiiC98n6L2888TI9zC37FTWeD7taNoV50GDE&s=v0qGxpAFrqvTmiNnI5_Cl-Yd-tKrA-FDw6jO-lERXjY&e=), but it does not actually, in practice. It does either EC, or RSA. I've tested it. (v52) This does not look like an accident.
> Have you find a server that does DHE/EDH, and only that, that FF cannot connect to?
I've set mine to test this comprehensively. (Apache and NginX) With Apache Firefox -ignores- server-prescribed ciphers and chooses an EC. NginX does properly prevail with the algo. Was this an accident, Apache?
And Firefox simply can not make a connexion when the only choices are the DHE/EDH algos -- which they say they can do [here](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29).
> - "Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."
> I missed that, thanks. And for non-NSA curves that aren’t influenced?
As with Schnier, I don't trust any EC. It's a shame. I am looking forward to [independent lattice](https://policyreview.info/articles/news/post-snowden-cryptography-and-network-security/390). (Not that Mozilla, will implement it) For now I'm set to DHE/EDH (fruitlessly) and RSA (AES). RSA is cracked by a very few, but this is the decision I've made.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users