On Tuesday, May 26, 2015 5:12 PM Remi Gacogne wrote: > On 05/23/2015 08:47 AM, Willy Tarreau wrote: > > Do you have any idea about the ratio of clients (on the net) which don't > > support ECDHE right now but support DHE ? > > Basically, by totally removing DHE, we would be losing forward secrecy for: > - Java <= 6 ; > - OpenSSL <= 1.0.0 ; > - Android <= 3. > > Note that moving to a DH size of 2048-bit is an issue if you have Java 6 > clients anyway (Java 7 does not support DHE > 1024-bit either, but does > support ECDHE).
What about other clients (ie. browsers running on different OS combinations) - especially legacy systems? Will IE7 on Windows XP have problems if I change to a 2048 or even a 4096 DH group? What about other combinations of client/OS? We've only offer TLS (no SSLv3) and use Mozillas Intermediate compatibility ciphersuite, but I need to keep backwards compatibility with a lot of legacy clients that I have no control over. If changing to a higher DH group breaks connectivity with even just a few ordinary browser/OS combinations I am afraid that I have no choice to stick with the current vunerable group.. Regards, Jens Dueholm Christensen Survey IT
