Re: [Sks-devel] Recommended HKPS protocols & ciphersuites?

From: Pete Stephenson
Subject: Re: [Sks-devel] Recommended HKPS protocols & ciphersuites?
Date: Sun, 03 Aug 2014 23:13:39 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 8/3/2014 10:55 PM, David Benfell wrote:
> On Sun, Aug 03, 2014 at 09:29:49PM +0200, Pete Stephenson wrote:
>> Hi all,
>> For those running HKPS-enabled servers in the pool, what protocols and
>> ciphersuites do you use?
>> I'd hope that it'd be safe these days to disable SSLv2. How about SSLv3?
>> RC4?
>> I'd like to provide a reasonable fallback to older clients that don't
>> support modern ciphers, but without jeopardizing the security of modern
>> clients that do.
> Here is my incantation for Apache (I think this will work in both 2.2
> and 2.4, but I don't remember). It gets me an A+ rating on the Qualys
> SSL test:
>         SSLEngine on
>         SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.2
>         SSLCipherSuite

That's a good selection. You might also consider !NULL, !EXP, and !SRP
-- with openssl 1.0.1f on my system, your list includes those options.
Null and export ciphers are always a bad thing.

The current recommendation from Qualys[1] is to use TLSv1/1.1/1.2 with:

However, that recommendation is primarily for web browsers. I have no
idea what SSL/TLS capabilities are available to HKPS-capable OpenPGP
clients, so I don't know if leaving out SSLv3 is a problem, if old
clients support PFS, or if it'd be necessary to include 3DES/RC4 as a

Very limited (2-3 queries) testing suggests that gnupg-curl on Debian
systems supports DHE-RSA-AES256-SHA256 with TLSv1.2. Another query is
from a random user and their OpenPGP client supports TLSv1.2 and
ECDHE-RSA-AES256-GCM-SHA384; not even modern web browsers support that
yet, so I'm impressed.

> However, I have been mean about some older clients. I don't care about
> Yandex, for example, and don't know why they don't update their SSL
> capabilities.

I take a similar approach on my websites: all modern browsers support
TLSv1 or higher and DHE/ECDHE. I see no reason to support old browsers
in general, but there are a lot of legacy OpenPGP clients out there that
I don't want to shut out.

P.S. I sent you a message a few days ago regarding peering but your
server is bouncing it with "450 4.3.2 Service currently unavailable".


Attachment: signature.asc
Description: OpenPGP digital signature
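
Added example (not part of the original message, and not code from the poster or the SKS project): a Python sketch that audits the output of `openssl ciphers -v '<cipher string>'` for the suite classes discussed in the message (NULL, export, SRP, RC4/3DES, and key exchange other than DHE/ECDHE). The sample rows and all function names are constructed for illustration, and the column layout is assumed from OpenSSL 1.0.x.

```python
# Constructed sample in the layout printed by `openssl ciphers -v '<cipher string>'`
# (column layout assumed from OpenSSL 1.0.x); these rows are not from the thread.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""

# Classes the message says to exclude outright (!NULL, !EXP, !SRP).
REJECT = {"NULL", "EXPORT", "SRP"}

def parse_line(line):
    """Split one `openssl ciphers -v` row into the fields the audit needs."""
    fields = line.split()
    if len(fields) < 6:
        return None  # blank or unexpected row
    attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    return {
        "name": fields[0],
        "kx": attrs.get("Kx", "").split("(")[0],    # "RSA(512)" -> "RSA"
        "enc": attrs.get("Enc", "").split("(")[0],  # "AES(256)" -> "AES"
        "export": "export" in fields,
    }

def findings(suite):
    """Return the flags that apply to one parsed suite."""
    flags = []
    if suite["enc"] == "None":
        flags.append("NULL")
    if suite["export"]:
        flags.append("EXPORT")
    if suite["kx"] == "SRP":
        flags.append("SRP")
    if suite["enc"] in ("RC4", "3DES"):
        flags.append(suite["enc"])
    if suite["kx"] not in ("DH", "ECDH"):  # static DH/ECDH prints as e.g. "ECDH/RSA"
        flags.append("NO-DHE/ECDHE")
    return flags

def audit(text):
    rows = filter(None, map(parse_line, text.splitlines()))
    return {row["name"]: findings(row) for row in rows}

def must_remove(text):
    return [name for name, flags in audit(text).items() if REJECT & set(flags)]
```

Feeding it the real output of `openssl ciphers -v` for a server's configured cipher string shows which suites still need an explicit exclusion on that OpenSSL build.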
