On 09.09.2013 12:55, Florian Weimer wrote:
On 09/09/2013 11:58 AM, Andrew Haley wrote:
On 09/07/2013 12:52 AM, Gregory Maxwell wrote:
Regardless, I think that argument would be an ignorant one: Approximately no one runs non-ECDH PFS on the web: it's insanely slow and it breaks clients.
Hmm. Isn't non-ECDH PFS just straight integer (mod N) Diffie-Hellman?
Yes, it is.
And that's what is insanely slow?
I don't get it, either
google "dhe versus ecdhe performance"
http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
Let’s focus on the server part. Enabling DHE-RSA-AES128-SHA cipher suite hinders the performance of TLS handshakes by a factor of 3. Using ECDHE-RSA-AES128-SHA instead only adds an overhead of 27%. However, if we use the 64bit optimized version, the cost is only 15%
is that enough to understand why nobody in this world is using DHE, and so your "Current Fedora supports perfect forward secrecy just fine" is *far* from reality?
it does not help much to support forward secrecy in a way *nobody* else on this planet is supporting it, and so your response below is uneducated - period
-------- Original Message --------
Subject: Re: Fedora/Redhat and perfect forward secrecy
Date: Mon, 26 Aug 2013 11:07:29 +0200
From: Florian Weimer fweimer@redhat.com
To: Development discussions related to Fedora devel@lists.fedoraproject.org
CC: Reindl Harald h.reindl@thelounge.net, Mailing-List fedora-users users@lists.fedoraproject.org
On 08/24/2013 11:38 AM, Reindl Harald wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=319901
looks like Redhat based systems are the only remaining ones which do not support EECDHE, which is a shame these days in the context of PRISM, and more and more ciphers are going to be unusable (BEAST/CRIME weakness)
Current Fedora supports perfect forward secrecy just fine. It's just that web server operators routinely refuse to offer it. (The situation is different with mail servers.) Operational benefits look rather marginal to me. It may discourage interested parties from requesting server private keys, but even that isn't assured.
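The thread's practical point is that a server offering forward secrecy should put ECDHE suites first and keep classic DHE only as a fallback, since DHE handshakes cost several times more. The following is an added example (not code from anyone in this thread) that expands an OpenSSL cipher string with Python's standard `ssl` module, exactly as a server would, and reports whether every negotiable TLS 1.2 suite is ephemeral and ECDHE is ordered ahead of DHE. The cipher strings are constructed for the example; results depend on the suites your local OpenSSL build enables.

```python
import ssl

# Constructed cipher strings: one that prefers the cheap ECDHE suites and keeps
# DHE as a fallback, and one that offers only RSA key transport (no forward secrecy).
PFS_FIRST = "ECDHE+AESGCM:ECDHE+AES:DHE+AESGCM:DHE+AES:!aNULL:!MD5"
NO_PFS = "AES128-GCM-SHA256:AES128-SHA:AES256-SHA:!aNULL"


def key_exchange_kind(cipher_name):
    """Classify a TLS<=1.2 OpenSSL cipher-suite name by its key exchange."""
    if cipher_name.startswith("ECDHE-"):
        return "ECDHE"   # elliptic-curve ephemeral DH: forward secrecy, cheap
    if cipher_name.startswith("DHE-") or cipher_name.startswith("EDH-"):
        return "DHE"     # finite-field ephemeral DH: forward secrecy, slow
    return "static"      # RSA key transport or static DH: no forward secrecy


def expand(cipher_string):
    """Let OpenSSL expand the string into the ordered list of enabled suites.
    TLS 1.3 suites are excluded: they are always ephemeral and are not
    controlled by this string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def pfs_report(cipher_string):
    """Group the enabled TLS<=1.2 suites by key-exchange kind, preserving the
    server's preference order within each group."""
    report = {"ECDHE": [], "DHE": [], "static": []}
    for name in expand(cipher_string):
        report[key_exchange_kind(name)].append(name)
    return report


def offers_forward_secrecy_first(cipher_string):
    """True if no static (non-PFS) suite is enabled and every ECDHE suite is
    ordered ahead of every DHE suite, i.e. the cheap option is preferred."""
    kinds = [key_exchange_kind(n) for n in expand(cipher_string)]
    if not kinds or "static" in kinds:
        return False
    rank = {"ECDHE": 0, "DHE": 1}
    return all(rank[a] <= rank[b] for a, b in zip(kinds, kinds[1:]))


if __name__ == "__main__":
    for label, cs in (("PFS_FIRST", PFS_FIRST), ("NO_PFS", NO_PFS)):
        print(label, offers_forward_secrecy_first(cs), pfs_report(cs))
```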