comment out an old section which we simply kept before since it has a nice table...
authorAaron Kaplan <aaron@lo-res.org>
Mon, 2 Dec 2013 20:44:09 +0000 (21:44 +0100)
committerAaron Kaplan <aaron@lo-res.org>
Mon, 2 Dec 2013 20:44:09 +0000 (21:44 +0100)
src/cipher_suites/choosing.tex

index 19ffc47..e2bb92d 100644 (file)
@@ -124,107 +124,107 @@ Other hash functions like MD2, MD4 or MD5 are unsafe and broken: \texttt{!MD2:!M
 %\item RFC7027 - Brainpool Curves              
 %\end{itemize}
 
-\subsubsection{Overview of SSL Server settings}
-
-
-Most Server software (Webservers, Mail servers, etc.) can be configured to prefer certain cipher suites over others. 
-We followed the recommendations by Ivan Ristic's SSL/TLS Deployment Best Practices\footnote{\url{https://www.ssllabs.com/projects/best-practices/index.html}} document (see section 2.2 "Use Secure Protocols") and arrived at a list of recommended cipher suites for SSL enabled servers.
-
-Following Ivan Ristic's adivce we arrived at a categorisation of cipher suites.
-
-\begin{center}
-\begin{tabular}{lllll}
-\cmidrule[\heavyrulewidth]{2-5}
-& \textbf{Version}   & \textbf{KeyEx} & \textbf{Cipher}    & \textbf{MAC}       \\\cmidrule(lr){2-5}
-\cellcolor{green}prefer  & TLS 1.2   & DHE\_DSS   & AES\_256\_GCM   & SHA384        \\
-    &   & DHE\_RSA   & AES\_256\_CCM   & SHA256        \\
-    &   & ECDHE\_ECDSA   & AES\_256\_CBC   &       \\
-    &   & ECDHE\_RSA &   &       \\ 
-    &   &   &   &       \\
-\cellcolor{orange}consider    & TLS 1.1   & DH\_DSS    & AES\_128\_GCM   & SHA       \\
-    & TLS 1.0   & DH\_RSA    & AES\_128\_CCM   &       \\
-    &   & ECDH\_ECDSA    & AES\_128\_CBC   &       \\ 
-    &   & ECDH\_RSA  & CAMELLIA\_256\_CBC  &       \\
-    &   & RSA   & CAMELLIA\_128\_CBC  &       \\
-    &   &   &   &       \\
-\cellcolor{red}avoid   
-& SSL 3.0   & NULL  & NULL  & NULL      \\
-    &   & DH\_anon   & RC4\_128   & MD5       \\
-    &   & ECDH\_anon & 3DES\_EDE\_CBC  &       \\
-    &   &   & DES\_CBC   &       \\
-    &   &   &   &       \\
-\cellcolor{blue}{\color{white}special }
-&   & PSK   & CAMELLIA\_256\_GCM  &       \\
-    &   & DHE\_PSK   & CAMELLIA\_128\_GCM  &       \\
-    &   & RSA\_PSK   & ARIA\_256\_GCM  &       \\
-    &   & ECDHE\_PSK & ARIA\_256\_CBC  &       \\
-    &   &   & ARIA\_128\_GCM  &       \\
-    &   &   & ARIA\_128\_CBC  &       \\
-    &   &   & SEED  &       \\
-\cmidrule[\heavyrulewidth]{2-5}
-\end{tabular}
-\end{center}
-
-A remark on the ``consider'' section: the BSI (Federal office for information security, Germany) recommends in its technical report TR-02102-2\footnote{\url{https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2_pdf.html}} to \textbf{avoid} non-ephemeral\footnote{Ephemeral keys are session keys which are destroyed upon termination of the encrypted session. In TLS/SSL, they are realized by the DHE cipher suites. } keys for any communication which might contain personal or sensitive data. In this document, we follow BSI's advice and therefore only keep cipher suites containing (EC)DH\textbf{E} (ephemeral) variants. System administrators, who can not use forward secrecy can still use the cipher suites in the ``consider'' section. We however, do not recommend them in this document.
-
-%% NOTE: s/forward secrecy/perfect forward secrecy???
-
-Note that the entries marked as ``special'' are cipher suites which are not common to all clients (webbrowsers etc).
-
-
-\subsubsection{Tested clients}
-Next we tested the cipher suites above on the following clients:
-
-%% NOTE: we need to test with more systems!!
-\begin{itemize}
-\item Chrome 30.0.1599.101 Mac OS X 10.9
-\item Safari 7.0 Mac OS X 10.9
-\item Firefox 25.0 Mac OS X 10.9
-\item Internet Explorer 10 Windows 7
-\item Apple iOS 7.0.3
-\end{itemize}
-
-
-The result of testing the cipher suites with these clients gives us a preference order as shown in table \ref{table:prefOrderCipherSuites}. 
-Should a client not be able to use a specific cipher suite, it will fall back to the next possible entry as given by the ordering.
-
-\begin{table}[h]
-\centering\small
-    \begin{tabular}{cllcccc}
-    \toprule
-    \textbf{Pref}   & \textbf{Cipher Suite}                            & \textbf{ID}   & \multicolumn{4}{l}{\textbf{Supported by}}\\ 
-    \cmidrule(lr){4-7}
-                    & \textbf{OpenSSL Name}                            &               & Chrome & FF   & IE   & Safari \\
-    \cmidrule(lr){1-7}
-    \phantom{0}1    & \verb|TLS_DHE_RSA_WITH_AES_256_GCM_SHA384|     & \verb|0x009f| & \no    & \no  & \no  & \no    \\
-                    & \verb|DHE-RSA-AES256-GCM-SHA384|                      &               & &&&\\\rowcolor{lightlightgray}
-    \phantom{0}2    & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384| & \verb|0xC024| & \no    & \no  & \no  & \yes   \\\rowcolor{lightlightgray}
-                    & \verb|ECDHE-ECDSA-AES256-SHA384|                      &               & &&&\\
-    \phantom{0}3    & \verb|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384|   & \verb|0xC028| & \no    & \no  & \no  & \yes   \\
-                    & \verb|ECDHE-RSA-AES256-SHA384|                        &               & &&&\\\rowcolor{lightlightgray}
-    \phantom{0}4    & \verb|TLS_DHE_RSA_WITH_AES_256_CBC_SHA256|     & \verb|0x006B| & \yes   & \no  & \no  & \yes   \\\rowcolor{lightlightgray}
-                    & \verb|DHE-RSA-AES256-SHA256|                          &               & &&&\\
-    \phantom{0}5    & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA|    & \verb|0xC00A| & \yes   & \yes & \yes & \yes   \\
-                    & \verb|ECDHE-ECDSA-AES256-SHA|                         &               & &&&\\\rowcolor{lightlightgray}
-    \phantom{0}6    & \verb|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA|      & \verb|0xC014| & \yes   & \yes & \yes & \yes   \\\rowcolor{lightlightgray}
-                    & \verb|ECDHE-RSA-AES256-SHA|                           &               & &&&\\
-    \phantom{0}7    & \verb|TLS_DHE_RSA_WITH_AES_256_CBC_SHA|        & \verb|0x0039| & \yes   & \yes & \no  & \yes   \\
-                    & \verb|DHE-RSA-AES256-SHA|                             &               & &&&\\\rowcolor{lightlightgray}
-    \phantom{0}8    & \verb|TLS_DHE_DSS_WITH_AES_256_CBC_SHA|        & \verb|0x0038| & \no    & \yes & \yes & \no    \\\rowcolor{lightlightgray}
-                    & \verb|DHE-DSS-AES256-SHA|                             &               & &&&\\
-    \phantom{0}9    & \verb|TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA|   & \verb|0x0088| & \no    & \yes & \no  & \no    \\
-                    & \verb|DHE-RSA-CAMELLIA256-SHA|                        &               & &&&\\\rowcolor{lightlightgray}
-    \phantom{}10    & \verb|TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA|   & \verb|0x0087| & \no    & \yes & \no  & \no    \\\rowcolor{lightlightgray}
-                    & \verb|DHE-DSS-CAMELLIA256-SHA|                        &               & &&&\\
-   \bottomrule
-    \end{tabular}
-\caption{Preference order of cipher suites.  All suites are supported by OpenSSL.}
-\label{table:prefOrderCipherSuites}
-\end{table}
-
-Note: the above table \ref{table:prefOrderCipherSuites} contains Elliptic curve key exchanges. There are currently strong doubts\footnote{\url{http://safecurves.cr.yp.to/rigid.html}} concerning ECC.
-If unsure, remove the cipher suites starting with ECDHE in the table above.
-
-
-Based on this ordering, we can now define the corresponding settings for servers. We will start with the most common web servers.
+%\subsubsection{Overview of SSL Server settings}
+%
+%
+%Most Server software (Webservers, Mail servers, etc.) can be configured to prefer certain cipher suites over others. 
+%We followed the recommendations by Ivan Ristic's SSL/TLS Deployment Best Practices\footnote{\url{https://www.ssllabs.com/projects/best-practices/index.html}} document (see section 2.2 "Use Secure Protocols") and arrived at a list of recommended cipher suites for SSL enabled servers.
+%
+%Following Ivan Ristic's adivce we arrived at a categorisation of cipher suites.
+%
+%\begin{center}
+%\begin{tabular}{lllll}
+%\cmidrule[\heavyrulewidth]{2-5}
+%& \textbf{Version}   & \textbf{KeyEx} & \textbf{Cipher}    & \textbf{MAC}       \\\cmidrule(lr){2-5}
+%\cellcolor{green}prefer  & TLS 1.2   & DHE\_DSS   & AES\_256\_GCM   & SHA384        \\
+%    &   & DHE\_RSA   & AES\_256\_CCM   & SHA256        \\
+%    &   & ECDHE\_ECDSA   & AES\_256\_CBC   &       \\
+%    &   & ECDHE\_RSA &   &       \\ 
+%    &   &   &   &       \\
+%\cellcolor{orange}consider    & TLS 1.1   & DH\_DSS    & AES\_128\_GCM   & SHA       \\
+%    & TLS 1.0   & DH\_RSA    & AES\_128\_CCM   &       \\
+%    &   & ECDH\_ECDSA    & AES\_128\_CBC   &       \\ 
+%    &   & ECDH\_RSA  & CAMELLIA\_256\_CBC  &       \\
+%    &   & RSA   & CAMELLIA\_128\_CBC  &       \\
+%    &   &   &   &       \\
+%\cellcolor{red}avoid   
+%& SSL 3.0   & NULL  & NULL  & NULL      \\
+%    &   & DH\_anon   & RC4\_128   & MD5       \\
+%    &   & ECDH\_anon & 3DES\_EDE\_CBC  &       \\
+%    &   &   & DES\_CBC   &       \\
+%    &   &   &   &       \\
+%\cellcolor{blue}{\color{white}special }
+%&   & PSK   & CAMELLIA\_256\_GCM  &       \\
+%    &   & DHE\_PSK   & CAMELLIA\_128\_GCM  &       \\
+%    &   & RSA\_PSK   & ARIA\_256\_GCM  &       \\
+%    &   & ECDHE\_PSK & ARIA\_256\_CBC  &       \\
+%    &   &   & ARIA\_128\_GCM  &       \\
+%    &   &   & ARIA\_128\_CBC  &       \\
+%    &   &   & SEED  &       \\
+%\cmidrule[\heavyrulewidth]{2-5}
+%\end{tabular}
+%\end{center}
+%
+%A remark on the ``consider'' section: the BSI (Federal office for information security, Germany) recommends in its technical report TR-02102-2\footnote{\url{https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2_pdf.html}} to \textbf{avoid} non-ephemeral\footnote{Ephemeral keys are session keys which are destroyed upon termination of the encrypted session. In TLS/SSL, they are realized by the DHE cipher suites. } keys for any communication which might contain personal or sensitive data. In this document, we follow BSI's advice and therefore only keep cipher suites containing (EC)DH\textbf{E} (ephemeral) variants. System administrators, who can not use forward secrecy can still use the cipher suites in the ``consider'' section. We however, do not recommend them in this document.
+%
+%%% NOTE: s/forward secrecy/perfect forward secrecy???
+%
+%Note that the entries marked as ``special'' are cipher suites which are not common to all clients (webbrowsers etc).
+%
+%
+%\subsubsection{Tested clients}
+% 
+%Next we tested the cipher suites above on the following clients:
+%
+%%% NOTE: we need to test with more systems!!
+%\begin{itemize}
+%\item Chrome 30.0.1599.101 Mac OS X 10.9
+%\item Safari 7.0 Mac OS X 10.9
+%\item Firefox 25.0 Mac OS X 10.9
+%\item Internet Explorer 10 Windows 7
+%\item Apple iOS 7.0.3
+%\end{itemize}
+%
+%
+%The result of testing the cipher suites with these clients gives us a preference order as shown in table \ref{table:prefOrderCipherSuites}. 
+%Should a client not be able to use a specific cipher suite, it will fall back to the next possible entry as given by the ordering.
+%
+%\begin{table}[h]
+%\centering\small
+%    \begin{tabular}{cllcccc}
+%    \toprule
+%    \textbf{Pref}   & \textbf{Cipher Suite}                            & \textbf{ID}   & \multicolumn{4}{l}{\textbf{Supported by}}\\ 
+%    \cmidrule(lr){4-7}
+%                    & \textbf{OpenSSL Name}                            &               & Chrome & FF   & IE   & Safari \\
+%    \cmidrule(lr){1-7}
+%    \phantom{0}1    & \verb|TLS_DHE_RSA_WITH_AES_256_GCM_SHA384|     & \verb|0x009f| & \no    & \no  & \no  & \no    \\
+%                    & \verb|DHE-RSA-AES256-GCM-SHA384|                      &               & &&&\\\rowcolor{lightlightgray}
+%    \phantom{0}2    & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384| & \verb|0xC024| & \no    & \no  & \no  & \yes   \\\rowcolor{lightlightgray}
+%                    & \verb|ECDHE-ECDSA-AES256-SHA384|                      &               & &&&\\
+%    \phantom{0}3    & \verb|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384|   & \verb|0xC028| & \no    & \no  & \no  & \yes   \\
+%                    & \verb|ECDHE-RSA-AES256-SHA384|                        &               & &&&\\\rowcolor{lightlightgray}
+%    \phantom{0}4    & \verb|TLS_DHE_RSA_WITH_AES_256_CBC_SHA256|     & \verb|0x006B| & \yes   & \no  & \no  & \yes   \\\rowcolor{lightlightgray}
+%                    & \verb|DHE-RSA-AES256-SHA256|                          &               & &&&\\
+%    \phantom{0}5    & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA|    & \verb|0xC00A| & \yes   & \yes & \yes & \yes   \\
+%                    & \verb|ECDHE-ECDSA-AES256-SHA|                         &               & &&&\\\rowcolor{lightlightgray}
+%    \phantom{0}6    & \verb|TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA|      & \verb|0xC014| & \yes   & \yes & \yes & \yes   \\\rowcolor{lightlightgray}
+%                    & \verb|ECDHE-RSA-AES256-SHA|                           &               & &&&\\
+%    \phantom{0}7    & \verb|TLS_DHE_RSA_WITH_AES_256_CBC_SHA|        & \verb|0x0039| & \yes   & \yes & \no  & \yes   \\
+%                    & \verb|DHE-RSA-AES256-SHA|                             &               & &&&\\\rowcolor{lightlightgray}
+%    \phantom{0}8    & \verb|TLS_DHE_DSS_WITH_AES_256_CBC_SHA|        & \verb|0x0038| & \no    & \yes & \yes & \no    \\\rowcolor{lightlightgray}
+%                    & \verb|DHE-DSS-AES256-SHA|                             &               & &&&\\
+%    \phantom{0}9    & \verb|TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA|   & \verb|0x0088| & \no    & \yes & \no  & \no    \\
+%                    & \verb|DHE-RSA-CAMELLIA256-SHA|                        &               & &&&\\\rowcolor{lightlightgray}
+%    \phantom{}10    & \verb|TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA|   & \verb|0x0087| & \no    & \yes & \no  & \no    \\\rowcolor{lightlightgray}
+%                    & \verb|DHE-DSS-CAMELLIA256-SHA|                        &               & &&&\\
+%   \bottomrule
+%    \end{tabular}
+%\caption{Preference order of cipher suites.  All suites are supported by OpenSSL.}
+%\label{table:prefOrderCipherSuites}
+%\end{table}
+%
+%Note: the above table \ref{table:prefOrderCipherSuites} contains Elliptic curve key exchanges. There are currently strong doubts\footnote{\url{http://safecurves.cr.yp.to/rigid.html}} concerning ECC.
+%If unsure, remove the cipher suites starting with ECDHE in the table above.
+%
+%
+%Based on this ordering, we can now define the corresponding settings for servers. We will start with the most common web servers.