On Tue, Jun 10, 2025 at 12:53:24PM +0400, Loganaden Velvindron wrote:

> > Can someone please point me at the details of this use case, so that
> > I can better understand the tradeoff?
>
> I believe that a large government agency (nsa.gov) is using SecP256r1
> on its website as a key exchange for TLS?

Public websites are often hosted by 3rd-party providers; it is unclear
that their behaviour represents meaningful policy:

    www.nsa.gov. IN CNAME nsa.gov.edgekey.net.
    nsa.gov.edgekey.net. IN CNAME e16248.dscb.akamaiedge.net.
    e16248.dscb.akamaiedge.net. IN A 23.46.47.108

So we're learning about Akamai, not NSA.

> TLS 1.2 Cipher Suites:
> Attempted to connect using 156 cipher suites.
>
> The server accepted the following 3 cipher suites:
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256
> ECDH: prime256v1 (256 bits)
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256
> ECDH: prime256v1 (256 bits)
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128
> ECDH: prime256v1 (256 bits)

And, FWIW, the "www.nsa.gov" (Akamai) website supports X25519 key
exchange for TLS 1.3:

    $ openssl s_client -connect www.nsa.gov:443 -brief
    CONNECTION ESTABLISHED
    Protocol version: TLSv1.3
    Ciphersuite: TLS_AES_256_GCM_SHA384
    Peer certificate: CN=www.defense.gov
    Hash used: SHA256
    Signature type: rsa_pss_rsae_sha256
    Peer Temp Key: X25519, 253 bits

Likewise, not much should be read into the ciphers supported by NSA's MX
host:

    Connecting to 156.112.250.1
    CONNECTION ESTABLISHED
    Protocol version: TLSv1.2
    Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
    Peer certificate: C=US, ST=Maryland, L=Fort Meade, O=DISA, CN=*.eemsg.mail.mil
    Hash used: SHA256
    Signature type: rsa_pss_rsae_sha256
    Verification: OK
    DANE TLSA 3 1 1 ...b6bd238e55732841a592238b matched the EE certificate at depth 0
    Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
    Peer Temp Key: ECDH, secp521r1, 521 bits
    250 STARTTLS

Or the use of the obsolete RSASHA1-NSEC3-SHA1(7) DNSSEC signature algorithm:

    ; NOERROR qr rd ra do
    nsa.gov. IN DNSKEY 257 3 7 [key id = 62806]
    nsa.gov. IN DNSKEY 257 3 7 [key id = 29356]
    nsa.gov. IN DNSKEY 256 3 7 [key id = 62912]
    nsa.gov. IN DNSKEY 256 3 7 [key id = 41330]
    nsa.gov. IN RRSIG DNSKEY 7 2 7200 20250613074345 20250610064345 29356 nsa.gov. [omitted]
    nsa.gov. IN RRSIG DNSKEY 7 2 7200 20250613074345 20250610064345 62806 nsa.gov. [omitted]

DNS is again handled by Akamai:

    nsa.gov. IN NS a5-66.akam.net.
    nsa.gov. IN NS a1-107.akam.net.
    nsa.gov. IN NS a2-64.akam.net.
    nsa.gov. IN NS a12-67.akam.net.
    nsa.gov. IN NS a11-66.akam.net.
    nsa.gov. IN NS a24-65.akam.net.

By cherry-picking where to look, one can easily find support (via
a range of providers) for a broad range of cryptographic parameters.

    fbi.gov. IN NS ns-cloud-e1.googledomains.com.
    fbi.gov. IN NS ns-cloud-e4.googledomains.com.
    fbi.gov. IN NS ns-cloud-e2.googledomains.com.
    fbi.gov. IN NS ns-cloud-e3.googledomains.com.
    whitehouse.gov. IN NS ernest.ns.cloudflare.com.
    whitehouse.gov. IN NS wally.ns.cloudflare.com.

--
Viktor.
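
Added example, not part of the original message: before reading policy into a scan result, follow the CNAME chain and NS set to see whose infrastructure actually answered. The function names and the suffix-to-operator table are assumptions built from the names quoted in the message.

```python
# Records copied from the message above (a subset); normally these come from dig.
RECORDS = """\
www.nsa.gov. IN CNAME nsa.gov.edgekey.net.
nsa.gov.edgekey.net. IN CNAME e16248.dscb.akamaiedge.net.
e16248.dscb.akamaiedge.net. IN A 23.46.47.108
nsa.gov. IN NS a5-66.akam.net.
fbi.gov. IN NS ns-cloud-e1.googledomains.com.
whitehouse.gov. IN NS ernest.ns.cloudflare.com.
"""

# Assumption: operator table limited to the suffixes that appear in the message.
OPERATORS = {
    "edgekey.net.": "Akamai",
    "akamaiedge.net.": "Akamai",
    "akam.net.": "Akamai",
    "googledomains.com.": "Google",
    "cloudflare.com.": "Cloudflare",
}

def parse(text):
    """Return {(owner, rrtype): [rdata, ...]} from 'owner IN TYPE rdata' lines."""
    rrsets = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            continue  # skip comments, headers and malformed lines
        owner, rrtype, rdata = fields[0].lower(), fields[2].upper(), fields[3].lower()
        rrsets.setdefault((owner, rrtype), []).append(rdata)
    return rrsets

def operator_of(name):
    """Map a fully qualified name to a known operator, or None if unrecognised."""
    for suffix, operator in OPERATORS.items():
        if name == suffix or name.endswith("." + suffix):
            return operator
    return None

def web_operator(host, rrsets, max_hops=8):
    """Follow the CNAME chain (loop-safe) and attribute the final target."""
    name, seen = host.lower(), set()
    while (name, "CNAME") in rrsets and name not in seen and len(seen) < max_hops:
        seen.add(name)
        name = rrsets[(name, "CNAME")][0]
    return name, operator_of(name)

def dns_operators(zone, rrsets):
    """Return the set of operators behind the zone's NS hosts."""
    return {operator_of(ns) or "unknown" for ns in rrsets.get((zone.lower(), "NS"), [])}
```
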