SSL Cyphers

SSL Ciphers

firefox

this is what firefox lists in about:config. that does not mean it actually supports them, but it does lead one to be hopeful:

security.ssl3.dhe_dss_aes_128_sha
security.ssl3.dhe_dss_aes_256_sha
security.ssl3.dhe_dss_des_ede3_sha
security.ssl3.dhe_dss_des_sha
security.ssl3.dhe_rsa_aes_128_sha
security.ssl3.dhe_rsa_aes_256_sha
security.ssl3.dhe_rsa_des_ede3_sha
security.ssl3.dhe_rsa_des_sha
security.ssl3.rsa_1024_des_cbc_sha
security.ssl3.rsa_1024_rc4_56_sha
security.ssl3.rsa_aes_128_sha
security.ssl3.rsa_aes_256_sha
security.ssl3.rsa_des_ede3_sha
security.ssl3.rsa_des_sha
security.ssl3.rsa_fips_des_ede3_sha
security.ssl3.rsa_fips_des_sha
security.ssl3.rsa_rc2_40_md5
security.ssl3.rsa_rc4_128_md5
security.ssl3.rsa_rc4_128_sha
security.ssl3.rsa_rc4_40_md5

discussion

  • HIGH: a good place to start, we don’t want the low ciphers. They suck!
  • MEDIUM: 128 bits is still pretty good.
  • -SSLv2: there are all kinds of problems with SSLv2. we don’t want it!
  • -RSA: it would be nice to disable RSA because of the “perfect forward secrecy problem”. This makes it so that aliens can sniff your server, then later steal the key and decrypt what they sniffed. it is unknown if we can get this to work in firefox.
  • -aNULL: probably not needed, but we want authentication, so remove ciphers without it.

proposed ciphers

openssl ciphers -v HIGH:MEDIUM:-SSLv2:-aNULL:-RSA

ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1

The ECDH are elliptic curve cryptography versions of DH+DSA. The elliptic curve counterparts are faster because they can use shorter key lengths for the same degree of security. probably not supported by any clients yet.

working ciphers

Well, that would be nice, but here are some ciphers which actually work:

openssl ciphers -v HIGH:MEDIUM:-SSLv2:-aNULL

ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5

Here they are as a single string:

ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA AES128-SHA EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA DHE-DSS-RC4-SHA RC4-SHA RC4-MD5