On 08/24/2013 11:38 AM, Reindl Harald wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=319901
>
> looks like Red Hat based systems are the only remaining
> ones which do not support EECDHE which is a shame these
> days in context of PRISM and more and more Ciphers
> are going to be unusable (BEAST/CRIME weakness)

Current Fedora supports perfect forward secrecy just fine. It's just that web server operators routinely refuse to offer it. (The situation is different with mail servers.) Operational benefits look rather marginal to me. It may discourage interested parties from requesting server private keys, but even that isn't assured. It does not help against server operators which provide third parties with cleartext copies of transmissions, obviously.

Perfect forward secrecy is totally unrelated to padding oracles and compression leaks. Fedora already provides several countermeasures against those, such as TLS 1.2 support and disabling compression. These issues require active attacks and would leave traces in sufficiently detailed log files, too.

--
Florian Weimer / Red Hat Product Security Team
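The reply above separates forward secrecy (a property of the key exchange) from the padding-oracle and compression countermeasures. As an added example that is not part of the original mail, this sketch audits a local Python `ssl` context for all three; the helper names `is_forward_secret` and `audit_context` are hypothetical, and the classification assumes OpenSSL-style cipher suite names.

```python
import ssl

# Key-exchange prefixes in OpenSSL cipher names that use ephemeral (EC)DH.
# "EDH-" is the legacy OpenSSL spelling of "DHE-".
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def is_forward_secret(name, protocol=""):
    """True if an OpenSSL-style suite name implies an ephemeral key exchange."""
    # TLS 1.3 suites do not name the key exchange; full handshakes use (EC)DHE.
    if protocol == "TLSv1.3" or name.startswith("TLS_"):
        return True
    # Static RSA ("AES128-SHA") and static ECDH ("ECDH-RSA-...") fall through.
    return name.startswith(EPHEMERAL_PREFIXES)


def audit_context(ctx):
    """Summarise forward secrecy, compression and minimum version for ctx."""
    ciphers = ctx.get_ciphers()
    static = [c["name"] for c in ciphers
              if not is_forward_secret(c["name"], c.get("protocol", ""))]
    return {
        "total": len(ciphers),
        "non_forward_secret": static,
        # Compression off is the countermeasure against compression leaks.
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
        "minimum_version": ctx.minimum_version.name,
    }


if __name__ == "__main__":
    # Library defaults, then a context restricted to ECDHE with AES-GCM.
    default_ctx = ssl.create_default_context()
    strict_ctx = ssl.create_default_context()
    strict_ctx.set_ciphers("ECDHE+AESGCM")
    for label, ctx in (("default", default_ctx), ("strict", strict_ctx)):
        report = audit_context(ctx)
        print(label, report["total"], "suites,",
              len(report["non_forward_secret"]), "without forward secrecy,",
              "compression disabled:", report["compression_disabled"],
              "min version:", report["minimum_version"])
```

This reports what the local TLS library enables for one context; what a given server actually offers still depends on that server's own configuration.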