search

mozilla / server-side-tls

Server side TLS Tools
https://ssl-config.mozilla.org
Mozilla Public License 2.0
1.12k stars 158 forks source link

Server Side TLS v5.0 #178

Closed jvehent closed 5 years ago

jvehent commented 7 years ago

Brainstorming issue for changes planned for v5 of the guidelines. A few things should be discussed:

  1. Removing 3DES from the intermediate level. Data shows that TLSv1 DES-CBC3-SHA represents 2.8% of traffic on mozilla.org, a site designed to receive old traffic. I think we can start moving this forward.

  2. Removing DHE from the intermediate level, and keeping only one non-PFS ciphersuite: AES128-SHA.

  3. Removing RSA from the modern guidelines. ECDSA should be the norm and enough clients support it: Firefox 27, Chrome 30, Edge 12, IE 11, Safari 5, Opera 17, Android 4.4.2, OpenSSL 1.0.1h and Java 8b132

  4. Adding X25519 to TLS curves on all levels. Maybe next year we'll have some certificate support 🙏

  5. Removing secp521r1 from all TLS curves and certificates. It's never used and there's some concern about its security.

  6. Requiring the use of certificate authorities that issue CT logs, on all levels. This is new, the phrasing needs work, as do the testing tools, but it's an important requirement that I think we should add.

  7. I'm wondering if we should require short lived certs and key rotation. 90 days max for modern level, 2 years for intermediate. This is going to annoy people, but the security benefit is there to support it.

Anything else I forgot?

martinthomson commented 5 years ago

Yeah, the shorter list is much better.

I can always send people to Server Side TLS 4.0 if they want even older systems.

I would not do that proactively. It's enough to answer any questions that arise.

april commented 5 years ago

Awesome, thanks! I’ll get this published tomorrow morning and then will publicize the changes on Monday. I really appreciate your feedback!

april commented 5 years ago

This has been merged and published. It's been a tough 2.5 year slog, but thanks to everyone's hard work we have finally gotten there. I really appreciate it.

c33s commented 5 years ago

@april why ecdsa and not ed25519?

see https://github.com/Neilpang/acme.sh/issues/2350#issuecomment-514218380

april commented 5 years ago

It's impossible to do so, that's why. There aren't any CAs that issue Ed25519 certificates.