On Thu, May 5, 2016 at 4:33 PM, Brian Smith <br...@briansmith.org> wrote:
> Zoogtfyz <zoogt...@protonmail.com> wrote:
>>
>> 3) DHE (not ECDHE) cipher suites are far too often implemented incorrectly,
>> most often with default common DH primes, DH parameter reuse, or generally
>> weak bit strength (equivalent to 1024-bit RSA, which is already considered
>> insecure in Firefox). Hence it's better to remove support for DHE (not
>> ECDHE) cipher suites rather than give a false sense of security.
>>
>
> I agree. I think if people want non-ECC DHE cipher suites, then at a
> minimum we need to define new cipher suite IDs for them that imply keys of
> at least 2048 bits. Unless/until that happens, they are more trouble than
> they are worth.
>
> Note that Chrome recently reached the same conclusion.

Is a reasonable path to implement
https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-10 and
treat ECDHE suites as being DHE using a Supported Group?  This would
avoid new cipher suite IDs and accomplish the same result.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
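
The server-side group selection that the negotiated-FFDHE draft mentioned in this thread describes, as an added example that is not part of the thread or of NSS. The function names are hypothetical, the hex inputs are constructed, and refusing DHE for clients that offer no FFDHE group is a policy assumed here in line with the 2048-bit minimum discussed above.

```python
import struct

# Code points assigned by draft-ietf-tls-negotiated-ff-dhe (published as RFC 7919).
FFDHE_BITS = {0x0100: 2048, 0x0101: 3072, 0x0102: 4096, 0x0103: 6144, 0x0104: 8192}
FFDHE_RANGE = range(0x0100, 0x0200)  # 256..511 is reserved for FFDHE groups


def parse_supported_groups(ext_data):
    """Parse the extension_data of a Supported Groups extension (NamedGroupList)."""
    if len(ext_data) < 4:
        raise ValueError("truncated NamedGroupList")
    (list_len,) = struct.unpack_from("!H", ext_data)
    if list_len != len(ext_data) - 2 or list_len % 2:
        raise ValueError("NamedGroupList length does not match the data")
    return [g for (g,) in struct.iter_unpack("!H", ext_data[2:])]


def select_dhe_group(client_groups, server_groups, min_bits=2048):
    """Return the FFDHE group to use, or None if no DHE suite may be selected."""
    offered = [g for g in client_groups if g in FFDHE_RANGE]
    if not offered:
        # Legacy client: it never said which primes it accepts, so the server
        # cannot know a 2048-bit group will work. Assumed policy: skip DHE.
        return None
    for group in offered:  # honour the client's preference order
        if group in server_groups and FFDHE_BITS.get(group, 0) >= min_bits:
            return group
    # The client named FFDHE groups but none is acceptable: the draft requires
    # that the server not pick a DHE suite, rather than fall back to its own prime.
    return None


# Constructed ClientHello extension bodies (not captured traffic).
MODERN = bytes.fromhex("00080017001801000101")  # secp256r1, secp384r1, ffdhe2048, ffdhe3072
LEGACY = bytes.fromhex("000400170018")          # elliptic curves only
UNKNOWN = bytes.fromhex("000201fc")             # an FFDHE-range id the server does not know

SERVER_GROUPS = {0x0100, 0x0101}

if __name__ == "__main__":
    for name, ext in (("modern", MODERN), ("legacy", LEGACY), ("unknown", UNKNOWN)):
        chosen = select_dhe_group(parse_supported_groups(ext), SERVER_GROUPS)
        print(name, "->", hex(chosen) if chosen is not None else "no DHE suite")
```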
