Fedora/Redhat and perfect forward secrecy

Reindl Harald h.reindl at thelounge.net
Mon Aug 26 13:19:27 UTC 2013



On 26.08.2013 13:26, Jan-Frode Myklebust wrote:
> On Mon, Aug 26, 2013 at 11:07:29AM +0200, Florian Weimer wrote:
>> On 08/24/2013 11:38 AM, Reindl Harald wrote:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=319901
>>>
>>> looks like Redhat based systems are the only remaining
>>> which does not support EECDHE which is a shame these
>>> days in context of PRISM and more and more Ciphers
>>> are going to be unusable (BEAST/CRIME weakness)
>>
>> Current Fedora supports perfect forward secrecy just fine.  
> 
> Just fine -- assuming one ignores the 4-5x performance penalty of DH (vs.
> non-PFS/ECDHE), and also ignores IE and Safari as clients?

in fact Safari is nearly the *one and only* client using PFS on a
Fedora Server - except you configure ciphers in a way BEAST attack
becomes a vector and you are failing *any* security audit because
of this

besides this *you are unable* to use PFS if you connect to
Google/Facebook with your web browser as well as for SMTP-STARTTLS
because they use ECDHE and *not* DHE

so in the real world saying "Fedora supports perfect forward secrecy just fine"
is somehow clueless even if someone is now saying that i am impolite again but
that is the truth and whoever states that this is not true has to prove it

https://www.ssllabs.com/ssltest/

i wasted *6 hours* of my lifetime coming to the result it is not possible with Fedora
_________________________________________________________

actually these clients are the only ones using DHE and without FF/MSIE/Opera
you can say practically *nobody* is using it

Chrome 29 / Win 7 TLS 1.2     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   FS
OpenSSL 1.0.1e TLS 1.2 	      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   FS
Safari 6 / iOS 6.0.1 TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   FS
Safari 7 / OS X 10.9 TLS 1.2  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   FS
_________________________________________________________

Handshake Simulation
Chrome 29 / Win 7 	TLS 1.2 	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   FS 	256
Firefox 10.0.12 ESR / Win 7 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
Firefox 17.0.7 ESR / Win 7 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
Firefox 21 / Fedora 19 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
Firefox 22 / Win 7 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
IE 6 / XP   No FS *		Fail**
IE 7 / Vista 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
IE 8 / XP   No FS *		TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
IE 8-10 / Win 7 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
IE 11 / Win 8.1 	TLS 1.2 	TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS 	256
Java 6u45 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
Java 7u25 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
OpenSSL 0.9.8y 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
OpenSSL 1.0.1e 	TLS 1.2 	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   FS 	256
Opera 12.15 / Win 7 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
Opera 15 / Win 7 	TLS 1.1 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
Safari 5.1.9 / OS X 10.6.8 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
Safari 6 / iOS 6.0.1 	TLS 1.2 	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   FS 	256
Safari 6.0.4 / OS X 10.8.4 	TLS 1.0 	SSL_RSA_WITH_RC4_128_SHA (0x5)   No FS 	128
Safari 7 / OS X 10.9 	TLS 1.2 	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   FS

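Added example, not part of the original message: a small parser that tallies rows shaped like the handshake simulation above by key exchange, separating DHE and ECDHE suites (forward secrecy) from static RSA ones (none). The sample rows are constructed from that table, and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: rows in the shape of the handshake simulation above.
SAMPLE = (
    "Chrome 29 / Win 7 \tTLS 1.2 \tTLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   FS \t256\n"
    "Firefox 22 / Win 7 \tTLS 1.0 \tSSL_RSA_WITH_RC4_128_SHA (0x5)   No FS \t128\n"
    "IE 6 / XP   No FS *\t\tFail**\n"
    "IE 8 / XP   No FS *\t\tTLS 1.0 \tSSL_RSA_WITH_RC4_128_SHA (0x5)   No FS \t128\n"
    "IE 11 / Win 8.1 \tTLS 1.2 \tTLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS \t256\n"
    "OpenSSL 1.0.1e \tTLS 1.2 \tTLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   FS \t256\n"
)

# A suite name followed by its hex id, e.g. "SSL_RSA_WITH_RC4_128_SHA (0x5)".
SUITE_RE = re.compile(r"\b((?:TLS|SSL)_[A-Z0-9_]+)\s+\(0x[0-9a-f]+\)")


def forward_secrecy(suite):
    """Classify a suite by its key exchange: 'ECDHE', 'DHE' or 'none'."""
    kx = suite.split("_WITH_")[0].split("_")[1]  # token after TLS_/SSL_
    return kx if kx in ("ECDHE", "DHE") else "none"


def parse_row(line):
    """Return (client, suite, kind); suite is None if the handshake failed."""
    # The client name ends at the first tab or run of two or more spaces.
    client = re.split(r"\t|\s{2,}", line.strip(), maxsplit=1)[0]
    m = SUITE_RE.search(line)
    if m is None:
        return client, None, "fail"
    return client, m.group(1), forward_secrecy(m.group(1))


def summarize(report):
    """Count clients per outcome over all non-empty rows."""
    rows = [parse_row(l) for l in report.splitlines() if l.strip()]
    return dict(Counter(kind for _, _, kind in rows))


def clients_without_fs(report):
    """List clients that negotiated a non-FS suite or failed to connect."""
    rows = [parse_row(l) for l in report.splitlines() if l.strip()]
    return [client for client, _, kind in rows if kind in ("none", "fail")]


if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(clients_without_fs(SAMPLE))
```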