Mailinglist Archive: yast-devel (59 mails)

[yast-devel] Re: [studio-devel] ephemeral keying for apache2
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Wed, 31 Mar 2010 20:22:33 +0200
  • Message-id: <201003312022.34170.thomas@xxxxxxx>
Hello Peter,

On Wednesday, 31 March 2010 16:45:47, Peter Bowen wrote:
On Wed, 2010-03-31 at 14:08 +0200, Thomas Biege wrote:
On Wednesday, 31 March 2010 13:21:56, Peter Bowen wrote:
On Wed, 2010-03-31 at 10:51 +0200, Thomas Biege wrote:
during the secure development workshop last week in Prague
the question came up how to configure ephemeral keying using
apache2/mod_ssl.

Thomas,

Unfortunately I was not in Prague, so I don't have the background on
this. Can you please explain a little about what ephemeral keying is
and why one wants it?

Thanks,
Peter

It influences the ssl handshake and creates something that is called
'perfect forward secrecy' (PFS).
The perfect forward secrecy means that an adversary can capture the
encrypted traffic and when she gains access to your private key is not
able to decrypt the already sent data as well as data from future
transmissions. (But she can of course spoof the identity of the SSL-
enabled server with the key.)

So we have the following right now for Studio:

SSLCipherSuite ALL:!ADH:!EXP:!LOW:!MEDIUM:+HIGH:+SSLv2

After a little poking, it looks like:

SSLCipherSuite kEDH:@STRENGTH:ALL:!ADH:!EXP:!LOW:!MEDIUM:!MD5:!3DES:+SSLv2

is what we want. It will put the DH key exchange algorithms first
(OpenSSL docs note "non-ephemeral DH modes are currently unimplemented",
so this means ephemeral keying), sorted by strength, then all the other
ciphers. We exclude export-grade (40 bit), low, and medium ciphers as
well as those using MD5 hashing and those using 3DES bulk cipher.

Admittedly this effectively disables SSLv2 (as most v2 implementations
only offer MD5), but anything that only supports SSLv2 is likely full of
security holes at this point.

From a security perspective this looks good!

What was the reason behind disabling 3DES?

BTW, you are right, having SSLv2 in the CipherSuite doesn't make
sense if we disallow MD5, LOW, MEDIUM and 3DES.
Additionally, SSLv2 has been insecure and obsolete for more than 11 years
now.


Bye
Thomas

--
Thomas Biege <thomas@xxxxxxx>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to become better stops being good.
-- Marie von Ebner-Eschenbach
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx
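
Added example (not part of the original mail and not code from the Studio or YaST projects): a Python check for the properties discussed in the thread, run over the listing that `openssl ciphers -v '<cipher string>'` prints. The sample listing, the function names and the set of Kx values treated as ephemeral are assumptions made for this example.

```python
import sys

# Constructed sample in the column layout printed by `openssl ciphers -v`;
# it is not output captured from the Studio server.
SAMPLE = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# Assumption: Kx values that openssl prints for ephemeral key exchanges.
EPHEMERAL_KX = {"DH", "ECDH"}


def parse(listing):
    """Turn `openssl ciphers -v` lines into dicts: name, proto, Kx, Au, Enc, Mac."""
    suites = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        suite = {"name": fields[0], "proto": fields[1]}
        for field in fields[2:]:
            key, sep, value = field.partition("=")
            if sep:
                suite[key] = value
        suites.append(suite)
    return suites


def audit(listing):
    """Report ordering, suites without forward secrecy, and unwanted suites."""
    suites = parse(listing)
    # "DH(512)" style values are reduced to "DH" before the lookup.
    pfs = [s.get("Kx", "").split("(")[0] in EPHEMERAL_KX for s in suites]
    first_non = pfs.index(False) if False in pfs else len(pfs)
    unwanted = [s["name"] for s in suites
                if s.get("Mac") == "MD5" or s.get("Enc", "").startswith("3DES")
                or s.get("Au") == "None" or s["proto"] == "SSLv2"]
    return {"ephemeral_first": not any(pfs[first_non:]),
            "no_forward_secrecy": [s["name"] for s, e in zip(suites, pfs) if not e],
            "unwanted": unwanted}


if __name__ == "__main__":
    # Pipe real `openssl ciphers -v` output in, or run bare to audit SAMPLE.
    print(audit(SAMPLE if sys.stdin.isatty() else sys.stdin.read()))
```

Suites listed under "no_forward_secrecy" remain negotiable by clients that do not offer an ephemeral suite; the ordering only expresses the server's preference.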
