[openssl-users] Lattice Ciphers

[Colony.three]

> - FF [claims it does DHE/EDH](https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.mozilla.org_Security_Server-5FSide-5FTLS-23Intermediate-5Fcompatibility-5F.28default.29&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=XJoX203uiiC98n6L2888TI9zC37FTWeD7taNoV50GDE&s=v0qGxpAFrqvTmiNnI5_Cl-Yd-tKrA-FDw6jO-lERXjY&e=), but it does not actually, in practice.  It does either EC, or RSA.  I've tested it. (v52)  This does not look like an accident.
>
>  Have you find a server that does DHE/EDH, and only that, that FF cannot connect to?

I've set mine to test this comprehensively. (Apache and NginX)  With Apache Firefox -ignores- server-prescribed ciphers and chooses an EC.  NginX does properly prevail with the algo.  Was this an accident, Apache?

And Firefox simply can not make a connexion when the only choices are the DHE/EDH algos -- which they say they can do [here](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29).

> - "Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."
>
> I missed that, thanks.  And for non-NSA curves that aren’t influenced?

As with Schnier, I don't trust any EC.  It's a shame.  I am looking forward to [independent lattice](https://policyreview.info/articles/news/post-snowden-cryptography-and-network-security/390). (Not that Mozilla, will implement it)  For now I'm set to DHE/EDH (fruitlessly) and RSA (AES).  RSA is cracked by a very few, but this is the decision I've made.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171218/5e921354/attachment.html>