Thijs van Dijk wrote:
>
> Regular clients, no.
> But this would be a useful addition to debugging / scanning suites (e.g.
> Qualys), or browser extensions for the security conscious (e.g. CertPatrol).

With FREAK and LOGJAM attacks, there is a significant difference in effort between servers using a static private (DH or temporary RSA) key vs. a truly ephemeral key. But security checks of "vulnerability scanners" do not seem to do any checks on whether the server is presenting the same public key on multiple handshakes.

Generation of truly ephemeral DH keys for every full handshake is IMO quite expensive for 2048+ bits DH. The reason why I like Curve25519 is that generation of ephemeral keys is cheap.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
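
A sketch of the scanner check discussed above, as an added example that is not part of the original message: it parses the DHE `ServerKeyExchange` parameters (`dh_p`, `dh_g`, `dh_Ys`, each a 2-byte-length-prefixed field per RFC 5246) from several handshakes with one server and reports any public value that repeats. The function names and the sample bodies are assumptions constructed for illustration, and the modulus is a toy size.

```python
import struct
from collections import Counter

def parse_dhe_params(body: bytes):
    """Parse ServerDHParams: dh_p, dh_g, dh_Ys as 2-byte-length-prefixed
    opaque fields. Trailing bytes (the signature) are ignored."""
    fields, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad {name} length {n}")
        fields.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(fields)  # (p, g, Ys)

def reused_public_values(bodies):
    """Return {(p, g, Ys): count} for each public value seen more than once
    in the same group, i.e. the key was not fresh for every handshake."""
    seen = Counter(parse_dhe_params(b) for b in bodies)
    return {key: count for key, count in seen.items() if count > 1}

def build_ske(p, g, ys, sig=b"\x00" * 4):
    """Build a constructed ServerKeyExchange body (demo input, not a capture)."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out + sig  # placeholder bytes stand in for the signature

# Constructed sample data: toy 32-bit modulus so the values stay readable.
P, G = 0xFFFFFFFB, 5
STATIC = [build_ske(P, G, 0x0BADC0DE) for _ in range(3)]
FRESH = [build_ske(P, G, ys) for ys in (0x11111111, 0x22222222, 0x33333333)]

if __name__ == "__main__":
    for label, bodies in (("static", STATIC), ("fresh", FRESH)):
        print(label, reused_public_values(bodies) or "no reuse observed")
```

No reuse across a handful of handshakes does not prove the keys are per-handshake, since a server may rotate its key on a timer; the sample count and spacing determine what the check can show.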