> On Tuesday, May 26, 2015 5:12 PM Remi Gacogne wrote: > >> On 05/23/2015 08:47 AM, Willy Tarreau wrote: >>> Do you have any idea about the ratio of clients (on the net) which don't >>> support ECDHE right now but support DHE ? >> >> Basically, by totally removing DHE, we would be losing forward secrecy for: >> - Java <= 6 ; >> - OpenSSL <= 1.0.0 ; >> - Android <= 3. >> >> Note that moving to a DH size of 2048-bit is an issue if you have Java 6 >> clients anyway (Java 7 does not support DHE> 1024-bit either, but does >> support ECDHE). > > What about other clients (ie. browsers running on different OS combinations) > - especially legacy systems?
If your refer to long EOL'ed system, then they probably don't support DHE at all. > Will IE7 on Windows XP have problems if I change to a 2048 or even a 4096 DH > group? Scannel on Windows XP doesn't support DHE with RSA, therefor IE6/7/8 will connect just fine (without FS). > If changing to a higher DH group breaks connectivity with even just a few > ordinary > browser/OS combinations I am afraid that I have no choice to stick with the > current > vunerable group.. DHE is not necessary to connect. Your legacy clients will just negotiate a non-FS ciphersuite. Lukas
