trafficserver-users mailing list archives

From Igor Galić <i.ga...@brainsware.org>
Subject Re: Forward Secrecy ?
Date Tue, 26 Nov 2013 15:24:42 GMT


----- Original Message -----
> On Mon, Nov 25, 2013 at 08:22:35AM +0000, Igor Galić wrote:
> > 
> > > and for stud:
> > > 
> > > 	https://github.com/bumptech/stud/pull/61/files
> > 
> > Wow. That's bad. That looks specifically for the *bad* NSA curve constants
> > before initializing the ec code. That's not something I'd rely on, since
> > not even NIST is any more.
> 
> Are there any other relevant curve constants that are usable? Looks to me
> like everyone is using NIST P-384 or NIST P-256, and these are the only
> ones available as named curves in my openssl library.
> 
> $ openssl ecparam -list_curves
>   secp384r1 : NIST/SECG curve over a 384 bit prime field
>   prime256v1: X9.62/SECG curve over a 256 bit prime field

igalic@levix ~ % openssl ecparam -list_curves | grep -c :
67
igalic@levix ~ % openssl version
OpenSSL 1.0.1e 11 Feb 2013
igalic@levix ~ %

> BTW: James Peach has already come up with a patch implementing the ECDHE
> ciphers using NIST P-256, so now my test server is forward secret for
> most clients:
> 
> 	https://www.ssllabs.com/ssltest/analyze.html?d=dibs.tanso.net
> 
> 
>   -jf
> 

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641

