On 11/19/2015 17:01, Janusz Dziemidowicz wrote:
> 2015-11-19 15:45 GMT+01:00 Piotr Kubaj <pku...@riseup.net>:
>> Now, about RSA vs ECDSA. I simply don't trust ECDSA. There are quite a
>> lot of questions about constants used by ECDSA, which seem to be
>> chosen quite arbitrarily by its creator, which happens to be NSA.
>> These questions of course remain unanswered. Even respected scientists
>> like Schneier say that RSA should be used instead (see
>> https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929
>
> But ECDSA itself does not contain any constants (see
> https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm).
> Yes, you have to choose domain parameters and most commonly used are
> NIST ones. But you can also use brainpool curves, which specifically
> avoid using any arbitrary constants (see
> http://www.ecc-brainpool.org/download/Domain-parameters.pdf) and they
> are even defined for TLS (https://tools.ietf.org/html/rfc7027) and
> apparently supported by latest OpenSSL. Unfortunately not by anything
> else.
> OK, anyway that's your preference, I'm not going to argue about ECDSA or not;)
>
>> ). When I'm done setting my HTTP(S) services, I'll simply limit
>> incoming connections on my firewall so DDOS'ing won't be
>> possible, unless you DDOS my firewall :)
>
> I've never said anything about DDoS. In such setup there is no need
> for distributed DoS. The CPU usage of RSA 8192 is so high that a
> single shell script running on a single attack machine can kill any
> server.
> If you are willing to limit your connection rate on a firewall to a
> few per second, then fine;)
>
> As for your problem. Now that it seems like SSL problem, can you just
> try with RSA 4096 or 2048? RSA 8192 is really not much tested in most
> code, so maybe the problem is in fact related.
>

Unfortunately, accessing my HTTPS services by only OpenSSL is out of the question.
Besides, I use LibreSSL and am not sure it supports it, since OpenBSD people got rid of quite a lot of unnecessary code.
So I can only choose ECDSA or RSA. I don't think limiting my connections is a bad idea vs choosing weaker RSA. As I said before, I actually expect only a few connections at once.

I've generated RSA 2048 cert with:

    openssl req -x509 -newkey rsa:2048 -keyout haproxy.pem -out haproxy.pem -days 3650 -nodes

That is, I didn't use any non-default options, such as SHA512. Unfortunately, it doesn't yield any result. I'm now considering switching to SSL Pass-through, and configuring HTTPS in each of my WWW servers, it may be much quicker considering how long I've been getting Haproxy to work.
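A sanity check for the combined haproxy.pem that the openssl req command in the message above writes, added here as an example that is not part of the original thread: it confirms that the file holds both a certificate and its matching private key, and prints the key size and signature algorithm. The helper names check_haproxy_pem and make_sample_pem, the -subj option and the CN value are assumptions introduced for the example.

```bash
#!/usr/bin/env bash
# Added example. check_haproxy_pem and make_sample_pem are hypothetical helper names.

# Build a constructed test file with the command from the message; -subj and
# the CN value are added here only so that openssl does not prompt.
make_sample_pem() {
    openssl req -x509 -newkey rsa:2048 -keyout "$1" -out "$1" \
        -days 3650 -nodes -subj "/CN=haproxy.example.test" 2>/dev/null
}

# Return 0 if the file holds a certificate and the private key that matches it.
check_haproxy_pem() {
    local pem="$1" cert_pub key_pub
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate block in $pem"; return 1; }
    grep -q -- '-----BEGIN.*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key block in $pem"; return 2; }
    # Public key as stated in the certificate vs. derived from the private key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"; return 3
    fi
    # Key size and signature hash, the two parameters debated in the thread.
    openssl x509 -in "$pem" -noout -text |
        grep -E 'Public-Key:|Signature Algorithm:' | sort -u | sed 's/^ *//'
    echo "OK: $pem holds a matching certificate and key"
}

# Stand-alone run: check the file given as $1, or a constructed sample.
pem="${1:-}"
if [ -z "$pem" ]; then
    pem="$(mktemp -d)/haproxy.pem"
    make_sample_pem "$pem"
fi
check_haproxy_pem "$pem"
```

Run it with the path to the PEM file as the only argument; the return codes 1, 2 and 3 distinguish a missing certificate, a missing key and a key that does not belong to the certificate.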