Hi, the recent discussion about PRISM and privacy in general made more and more web service operators enable the so-called 'Perfect Forward Secrecy' (namely enabling Diffie-Hellman key exchange algorithms). For backward compatibility they still leave the non-DH (RSA) key exchange enabled, so that many clients (including Wget) choose these during the handshake.

To have more control over this behaviour, I would like to see the possibility for the user to force (or at least prefer) DH key exchange plus enabling secure cipher suites (e.g. 256 bit ciphers), or in general more control for the user over SSL/TLS behaviour.

GnuTLS already has a very user-friendly 'priority' scheme which we could open to users with e.g. --secure-protocol=gnutls:SECURE128:+SECURE256:-VERS-SSL3.0:-RSA. (Just an example of how it could be done.) To make it easier for users we could also predefine something like --secure-protocol=force-pfs that internally maps to 'NORMAL:-VERS-SSL3.0:-RSA'. We could later write a wrapper to map GnuTLS priority syntax to OpenSSL API calls. Distribution maintainers could define a default in /etc/wgetrc (secureprotocol=...) as they like.

Of course there are other ways to achieve the goal. At the moment I prefer extending --secure-protocol so as not to have another option. And second, I prefer GnuTLS because of its priority strings and because Wget and GnuTLS both are official GNU software.

What do you think?

Some references:
http://gnutls.org/manual/html_node/Priority-Strings.html
http://nmav.gnutls.org/2011/12/price-to-pay-for-perfect-forward.html
https://github.com/ssllabs/research/wiki/Forward-Secrecy

To play around with priority strings (example):
$ gnutls-cli --list www.savannah.de --priority NORMAL:-RSA

To check your server security: https://www.ssllabs.com/ssltest/index.html

Regards, Tim
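As an added illustration of the proposal above (not Wget or GnuTLS code, and a deliberately simplified model of priority-string semantics rather than GnuTLS's real parser), the following Python maps the proposed --secure-protocol values to priority strings and shows what '-RSA' and '-VERS-SSL3.0' do to a constructed server offer, including the case a client should expect when a server offers only RSA key exchange: nothing is left to negotiate.

```python
# Added example: a simplified model of how a GnuTLS-style priority string,
# handed in via the proposed --secure-protocol syntax, narrows what Wget
# would accept. Not Wget or GnuTLS code; the keyword semantics are a
# constructed simplification (initial keyword = minimum cipher bits,
# "+X"/"-X" add or remove a key exchange, "VERS-X" toggles a protocol version).

KEYWORD_MIN_BITS = {"NORMAL": 128, "SECURE128": 128, "SECURE256": 256}
ALL_VERSIONS = {"SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2"}
ALIASES = {"force-pfs": "NORMAL:-VERS-SSL3.0:-RSA"}  # alias proposed in the mail

# Constructed server offer: (suite name, key exchange, cipher bits).
OFFER = [
    ("RSA-AES128-SHA", "RSA", 128),
    ("RSA-AES256-SHA", "RSA", 256),
    ("DHE-RSA-AES256-GCM", "DHE-RSA", 256),
    ("ECDHE-RSA-AES128-GCM", "ECDHE-RSA", 128),
]
RSA_ONLY_OFFER = [("RSA-AES128-SHA", "RSA", 128), ("RSA-AES256-SHA", "RSA", 256)]


def priority_from_option(value):
    """Map a proposed --secure-protocol value to a GnuTLS priority string."""
    if value in ALIASES:
        return ALIASES[value]
    if value.startswith("gnutls:"):
        return value[len("gnutls:"):]
    raise ValueError("unsupported --secure-protocol value: %s" % value)


def parse_priority(prio):
    """Return (min cipher bits, banned key exchanges, allowed versions)."""
    keyword, *mods = prio.split(":")
    if keyword not in KEYWORD_MIN_BITS:
        raise ValueError("unknown initial keyword: %s" % keyword)
    banned_kx, versions = set(), set(ALL_VERSIONS)
    for mod in mods:
        sign, name = mod[:1], mod[1:]
        if sign not in ("+", "-") or not name:
            raise ValueError("bad modifier: %s" % mod)
        if name.startswith("VERS-"):
            target, op = versions, (versions.add if sign == "+" else versions.discard)
            op(name[len("VERS-"):])
        else:  # "-RSA" bans exactly the RSA key exchange, DHE-RSA stays usable
            (banned_kx.discard if sign == "+" else banned_kx.add)(name)
    return KEYWORD_MIN_BITS[keyword], banned_kx, versions


def negotiable(prio, offer=OFFER):
    """Suites from the server offer that the priority string still allows."""
    min_bits, banned_kx, _ = parse_priority(prio)
    return [s for s, kx, bits in offer if kx not in banned_kx and bits >= min_bits]
```

An empty result from negotiable() is the "price to pay" the referenced blog post describes: the handshake with such a server fails rather than falling back to RSA.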
