BetterCrypto / Applied-Crypto-Hardening

Best Current Practices regarding secure online communication and configuration of services using cryptography.
https://bettercrypto.org

Outdated recommendations #383

Closed martinberg212 closed 5 years ago

martinberg212 commented 5 years ago

I recently found out about this project when a client referred to it to justify some hardening measures they implemented.

While I like the idea of this project very much, it became painfully obvious to me that there are some at least outdated, if not at all questionable recommendations in the bettercrypto documentation.

In the case of this client, they changed the rather modern and quite reasonable default TLS configuration of their Apache webservers to the one recommended in the current version shown at bettercrypto.org, therefore significantly weakening their crypto (e.g. enabling SSLv3 ciphers).

The current (bettercrypto) recommendation for apache tls also precedes the list of ciphers with DH key exchange (vulnerable to Logjam unless DH parameters have been hardened, which is not mentioned at all as far as I can see) followed by Camellia, which is not supported by any major browser today and also has no benefit over AES (both are very similar).

On the other hand, a default config on an (over 1 year old) Ubuntu 18.04 starts with ECDHE (preventing Logjam), the chacha20 cipher and AES-GCM, and has SSL disabled.

Not to mention that even “slow” government organizations have declared TLSv1 and TLSv1.1 as non-compliant for over a year now, and even PCI-DSS compliance demands at least TLSv1.2 (those are the ones usually a few years behind current tech).

Therefore at this moment, following the bettercrypto recommendations actually weakens the crypto of many products that are rolled out today.

The only responsible conclusion that can come out of this is to either update the documentation ASAP and keep it up to date (rolling release) or make the choice of declaring this project deprecated and ask that nobody follow these outdated recommendations.

Btw. This website is an alternative source for crypto recommendations: https://cipherli.st/. Working together with this project might be an option as well.
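
An added example (not part of the issue thread and not the project's own code): a heuristic Python check of Apache `SSLProtocol` and `SSLCipherSuite` lines for the three concerns raised in the comment above (SSLv3, TLSv1 or TLSv1.1 enabled, DHE listed ahead of ECDHE, Camellia offered). Both configurations are constructed samples, the expansion of `all` is a simplifying assumption, and the cipher string is matched token by token rather than expanded the way OpenSSL would.

```python
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
# Simplifying assumption: "all" means every version below; a real build may offer fewer.
ALL = LEGACY | {"TLSv1.2", "TLSv1.3"}

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: all, +X, -X or bare X."""
    enabled = set()
    for tok in args:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL if name.lower() == "all" else {name}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def kex(token):
    # Heuristic: classify a cipher-string token by its key exchange keyword.
    t = token.upper()
    if "ECDHE" in t or "EECDH" in t:
        return "ECDHE"
    return "DHE" if "DHE" in t or "EDH" in t else None

def audit(config_text):
    findings = []
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        directive, args = parts[0].lower(), parts[1:]
        if directive == "sslprotocol":
            for proto in sorted(enabled_protocols(args) & LEGACY):
                findings.append(f"legacy protocol enabled: {proto}")
        elif directive == "sslciphersuite" and args:
            tokens = args[-1].strip("'\"").split(":")
            # "!" and "-" tokens remove ciphers; the rest add them in order
            active = [t.lstrip("+") for t in tokens if t and t[0] not in "!-"]
            order = [k for k in map(kex, active) if k]
            if order[:1] == ["DHE"]:
                findings.append("DHE preferred over ECDHE: verify DH parameter size (Logjam)")
            if any("CAMELLIA" in t.upper() for t in active):
                findings.append("Camellia suites offered")
    return findings

# Constructed sample configurations, not taken from the guide or from any distribution.
OLD_STYLE = ("SSLProtocol All -SSLv2 -SSLv3\n"
             "SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:!aNULL:!eNULL'\n")
MODERN = ("SSLProtocol -all +TLSv1.2 +TLSv1.3\n"
          "SSLCipherSuite ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256\n")

print(audit(OLD_STYLE), audit(MODERN) or "no findings")
```

For an authoritative view of what a cipher string enables on a given host, expand it with that host's own OpenSSL build; this check only reads the configuration text.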

aaronkaplan commented 5 years ago

See also #384

Working on a version which will contain TLS 1.3 however. So stay tuned...

Will update the homepage to state clearly that some recommendations are outdated by now.

BTW: SSLv3 was always excluded. So, I think some things got confused a bit in the rant.

Dreamsorcerer commented 5 years ago

Note that https://cipherli.st/ is rather confusing, the settings on the home page don't match the rationale it links to, and in some cases contradicts itself. e.g. Home page recommends "TLSv1.3", while the rationale page recommends "TLSv1.2 TLSv1.3". Home page recommends the first part of the backward-compatible recommendation in the rationale, while the recommended cipher suite in the rationale only allows AES-256 despite "AES 128 is preferred to AES 256".

I'm rather hoping that ACH gets updated soon, with more consistent recommendations.

I've heard multiple times in the past months that work is being done on a new version, but I don't see any commits or activity on GitHub, so what is the process for the work being done? Without this work being done on GitHub, it's a lot more difficult for other people to review changes and contribute to the project (and obviously makes the project look dead).