Package: libgnutls26
Version: 2.12.18-1
Severity: wishlist
File: /usr/lib/x86_64-linux-gnu/libgnutls.so.26
Now that OpenSSL 1.0.1 is in sid, mutt can now talk to my dovecot IMAP server using TLS 1.2 [0]. However, I was disappointed to discover that mutt (which does not have knobs for cipher suites) still uses DHE-RSA/AES-128-CBC/SHA1.

Since my processor supports the Intel AESNI instructions, using GCM is very significantly faster than using HMAC (approximately 225% faster) using my own implementation, and runs at almost exactly the same speed as CBC with HMAC-SHA1 (and 47% faster than CBC with HMAC-SHA256) using libgnutls26's unaccelerated implementation.

Also, using ECC suites like ECDHE is faster and much more secure than using plain DH. This also means that #476441 should be viewed in a new light; specifically, using ECC cipher suites means that the public-key operations can be of equivalent length to the symmetric-key operations.

Finally, if HMAC is going to be used, a stronger hash algorithm than SHA-1 should be chosen. SHA-1 has demonstrable weaknesses that have not been determined to be present in SHA-256, SHA-384, or SHA-512.

Currently, GnuTLS by default offers no GCM suites, offers no ECC suites (or ECC curve extensions), prefers the SHA-1 algorithms over the SHA-256 algorithms, and even specifies a cipher suite using MD5 (TLS_RSA_WITH_RC4_128_MD5)!

I'd like to request that, at least when negotiating TLS 1.2, GCM be preferred over CBC, that ECC suites be preferred over non-ECC ones, and that if HMAC is used SHA-256 be preferred over SHA-1. I would like to point out that except for the latter decision (which is slightly slower), all of these have the effect of improving *both* performance and security.

[0] My dovecot server is using AESGCM:ECDH:ALL:-MD5:-RC4:!LOW:!SSLv2:!EXP:!aNULL as the cipher suite specification.
-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.3.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgnutls26 depends on:
ii  libc6              2.13-27
ii  libgcrypt11        1.5.0-3
ii  libp11-kit0        0.12-2
ii  libtasn1-3         2.12-1
ii  multiarch-support  2.13-27
ii  zlib1g             1:1.2.6.dfsg-2

libgnutls26 recommends no packages.

libgnutls26 suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: package libgnutls26 is not installed

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
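The preference order the report asks for (GCM before CBC+HMAC, ECDHE before DHE before static RSA, SHA-256/384 before SHA-1, and no MD5, RC4, NULL, export or single-DES suites, matching the dovecot spec in [0]) can be expressed as a small ranking policy over cipher suite names. The following is an added example written for this page; it is not code from GnuTLS, mutt, dovecot or the reporter. It works on suite names only (IANA `TLS_...` spelling or OpenSSL's dashed spelling, TLS 1.2 and earlier naming), so it runs offline regardless of which suites the local library actually offers. The sample suite list is constructed from the names mentioned in the report plus a few others.

```python
"""Rank TLS cipher suites by the policy argued in this bug report.

Added example for this page, not part of GnuTLS, mutt or dovecot.
Preference: AEAD (GCM/CCM/ChaCha20) > CBC+HMAC; ECDHE > DHE > static RSA;
SHA-384 > SHA-256 > SHA-1; MD5, RC4, NULL, export and single-DES rejected.
"""
import re
from dataclasses import dataclass

# Constructed sample input: suites named in the report plus a few others,
# deliberately mixing IANA and OpenSSL spellings.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_RC4_128_MD5",             # the MD5 suite the report objects to
    "DHE-RSA-AES128-SHA",                   # what mutt ended up negotiating
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "AES256-SHA",                           # static RSA key exchange, SHA-1 HMAC
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "EXP-DES-CBC-SHA",                      # export-grade, must be rejected
]

KX_RANK = {"ECDHE": 3, "DHE": 2, "RSA": 1}
HASH_RANK = {"SHA384": 3, "SHA256": 2, "SHA1": 1, "MD5": 0}
# Mirrors -MD5:-RC4:!aNULL:!EXP:!LOW from the dovecot spec (LOW = single DES;
# 3DES spells DES_EDE or DES_CBC3, so it is not matched here).
REJECT_PATTERNS = (r"MD5", r"RC4", r"NULL", r"EXPORT", r"(^|_)DES_CBC_")


@dataclass(frozen=True)
class Suite:
    name: str       # as given by the caller
    norm: str       # normalised IANA-like spelling
    kx: str         # key exchange: ECDHE, DHE or RSA (static)
    aead: bool      # GCM / CCM / ChaCha20-Poly1305
    hash: str       # HMAC hash (CBC suites) or PRF hash (AEAD suites)
    bits: int       # symmetric key length


def _normalize(name: str) -> str:
    """Map OpenSSL spelling (ECDHE-RSA-AES128-GCM-SHA256) onto the IANA form
    (ECDHE_RSA_AES_128_GCM_SHA256) so one rule set serves both."""
    n = name.upper().replace("-", "_")
    n = re.sub(r"^TLS_", "", n).replace("_WITH_", "_")
    n = re.sub(r"AES(\d{3})", r"AES_\1", n)   # AES128 -> AES_128
    return n.replace("EXP_", "EXPORT_")


def parse_suite(name: str) -> Suite:
    n = _normalize(name)
    if "ECDHE" in n:                          # check before the plain DHE test
        kx = "ECDHE"
    elif "DHE" in n:
        kx = "DHE"
    else:
        kx = "RSA"
    aead = any(tag in n for tag in ("GCM", "CCM", "CHACHA20"))
    m = re.search(r"(SHA384|SHA256|MD5|SHA)$", n)
    hash_ = "SHA1" if (m is None or m.group(1) == "SHA") else m.group(1)
    b = re.search(r"_(\d{2,3})_", n)
    bits = int(b.group(1)) if b else 0
    return Suite(name, n, kx, aead, hash_, bits)


def is_acceptable(s: Suite) -> bool:
    return not any(re.search(p, s.norm) for p in REJECT_PATTERNS)


def score(s: Suite) -> tuple:
    """Higher tuple sorts earlier: AEAD first, then key exchange, hash, key size."""
    return (s.aead, KX_RANK[s.kx], HASH_RANK.get(s.hash, 0), s.bits)


def rank(names: list) -> list:
    """Return the acceptable suites, most preferred first."""
    kept = [s for s in map(parse_suite, names) if is_acceptable(s)]
    return [s.name for s in sorted(kept, key=score, reverse=True)]


def rejected(names: list) -> list:
    """Return the suites the policy refuses, in input order."""
    return [n for n in names if not is_acceptable(parse_suite(n))]


if __name__ == "__main__":
    for n in rank(SAMPLE_SUITES):
        print("prefer:", n)
    for n in rejected(SAMPLE_SUITES):
        print("reject:", n)
```

On the sample list the two ECDHE GCM suites come first, the DHE CBC suites next (SHA-256 ahead of SHA-1), the static-RSA SHA-1 suite last, and the RC4-MD5 and export suites are refused; the same function can be pointed at whatever list a library or server reports to see how far its default order departs from the report's request.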