Date: Sat, 19 Apr 2014 18:40:38 +0200
From: Joe User
Organization: RootService
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones
In-Reply-To: <4C8A13E9-84A7-4AEF-8F50-A203EDC6D5F5@iki.fi>
Message-Id: <3gB0KK5RwJz62Xv@devnoip.rootservice.org>

On 19.04.2014 17:38, Matti Nykyri wrote:
> On Apr 19, 2014, at 16:17, Joe User wrote:
>
>> On 19.04.2014 13:51, Mick wrote:
>>> On Thursday 17 Apr 2014 19:43:25 Matti Nykyri wrote:
>>>> On Thu, Apr 17, 2014 at 04:49:45PM +0100, Mick wrote:
>>>
>>>>> Can you please share how you create ECDHE_ECDSA with
>>>>> openssl ecparam, or ping a URL if that is more convenient?
>>>>
>>>> Select curve for ECDSA:
>>>> openssl ecparam -out ec_param.pem -name secp521r1
>>> [snip ...]
>>>
>>>> I don't know much about the secp521r1 curve or about its
>>>> security.
>>> [snip ...]
>>>
>>> It seems that many sites that use ECDHE with various CA
>>> signature algorithms (ECC as well as conventional symmetric)
>>> use the secp521r1 curve - aka P-256. I just checked and
>>> gmail/google accounts use it too.
>>>
>>> Markus showed secp384r1 (P-384) in his example.
>>>
>>> The thing is, guys, that both of these are shown as 'unsafe' in
>>> the http://safecurves.cr.yp.to tables and are of course
>>> specified by NIST and NSA.
>>>
>>> Thank you both for your replies. I need to read a bit more
>>> into all this before I settle on a curve.
>>>
>>
>> 1.) secp521r1 is *not* P-256
>> 2.) I used secp384r1 aka P-384 as it's defined by RFC 6460 while
>> secp521r1 is not, and all TLS1.2 implementations implement
>> secp256r1 and secp384r1 as defined in RFC 6460, while secp521r1
>> is implemented only by some. So better to be RFC compliant and
>> reach all possible users/customers than to violate the RFC and
>> lose possible users/customers.
>> https://tools.ietf.org/html/rfc6460
>> 3.) Even the people behind http://safecurves.cr.yp.to have no
>> proof that secp[256|384|521]r1 are insecure, they just don't
>> trust the NIST. So that list is mostly useless and possibly
>> untrue.
>
> Which of the safecurves are supported by openssl?

openssl ecparam -list_curves

But openssl is not used by the major browsers and other clients, so it
is not a reference here.

>> 4.) ECC in certificates is not widely used and therefore also not
>> extensively audited, so it might be less secure than SHA256+RSA,
>> or may suffer from implementation failures like heartbeat did.
>> 5.) ECDSA has the same problems I mentioned in 4, so it may be a
>> bad idea to use it in production. Stick to ECDHE and as a
>> fallback to DHE. I use the following ciphers for my services:
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
>
> What program do you use to provide IMAP-SSL/TLS? I have not gotten
> ECDHE to work with courier&openssl. Anyways I fail to see any logic
> with courier-setup... Postfix and apache on the other hand are easy
> to set up to use the correct ciphers.

I use Dovecot as IMAPd. If you're interested in how I set up my servers
then have a look at my corresponding howtos (in order):

http://www.rootservice.org/howtos/freebsd/remote_install.html
http://www.rootservice.org/howtos/freebsd/certificate_authority.html
http://www.rootservice.org/howtos/freebsd/hosting_system.html

My Gentoo-HowTos are out of date, so don't look at them ;)
But the configs should work also on Gentoo with little tweaks.

-- 
Kind Regards, Mit freundlichen Grüssen,
Markus Kohlmeyer

PGP: 0xEBDF5E55 / 2A22 1F71 AA70 1AD1 231B 0178 759F 407C EBDF 5E55
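
Added example, not part of the original message and not the author's own tooling: a small Python audit of the twelve-suite list quoted above, which rejects any suite that is not forward-secret (EC)DHE with AES, checks that ECDHE precedes the DHE fallback, and separates TLS 1.2-only entries from the CBC/HMAC-SHA1 ones that older clients can negotiate. The `parse` and `audit` helpers are hypothetical names, and the OpenSSL spellings come from a naming rule assumed here to hold only for this (EC)DHE + AES family.

```python
import re

# Suite list as quoted in the message above (IANA name, code point).
SUITES = """
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)
"""

# Only forward-secret (EC)DHE suites with AES are accepted; anything else is rejected.
SUITE_RE = re.compile(r"TLS_(ECDHE|DHE)_(RSA|ECDSA)_WITH_AES_(128|256)_"
                      r"(GCM|CBC)_(SHA\d*)\s+\((0x[0-9a-f]+)\)")

def parse(line):
    m = SUITE_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not an (EC)DHE AES suite: {line!r}")
    kx, auth, bits, mode, digest, code = m.groups()
    aead = mode == "GCM"
    return {
        "kx": kx, "aead": aead, "code": int(code, 16),
        # With GCM the trailing hash is the TLS 1.2 PRF hash; with CBC it is the HMAC.
        "hmac": None if aead else digest,
        # Assumed OpenSSL spelling: no "TLS_", "WITH" or "CBC", hyphens for underscores.
        "openssl": f"{kx}-{auth}-AES{bits}-{'GCM-' if aead else ''}{digest}",
    }

def audit(text):
    suites = [parse(line) for line in text.strip().splitlines()]
    kx_order = [s["kx"] for s in suites]
    return {
        "cipher_string": ":".join(s["openssl"] for s in suites),
        # True when no ECDHE suite is listed after a DHE one (DHE is only the fallback).
        "ecdhe_before_dhe": kx_order == sorted(kx_order, key=lambda k: k != "ECDHE"),
        # GCM and SHA256/SHA384 CBC suites need TLS 1.2; CBC with HMAC-SHA1 serves older clients.
        "tls12_only": [s["openssl"] for s in suites if s["hmac"] != "SHA"],
        "legacy_cbc_sha1": [s["openssl"] for s in suites if s["hmac"] == "SHA"],
    }

if __name__ == "__main__":
    for key, value in audit(SUITES).items():
        print(key, "=", value)
```

The resulting `cipher_string` is in the colon-separated form that OpenSSL-based servers take in their cipher list setting; confirm each name against `openssl ciphers -v` on the target host before deploying it.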