sibiantony / ssleuth

A firefox add-on to rate the quality of HTTPS connections
GNU General Public License v3.0

Two more cipher suites which should be disabled #38

Open rugk opened 9 years ago

rugk commented 9 years ago

Full story: https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH

After the Logjam attack, there were already suspicions that 1024 DHE keys are not secure anymore. Now that's for sure.

That is why these ciphers should be disabled: dhe2

So what do you think of including this in the addon?

Der-Orden commented 9 years ago

The DHE key exchange is not broken like the RC4 cipher. It is "broken" like RSA - just for short keys. The other problem with Logjam is that some groups (primes) are often used; this makes it practicable to pre-calculate the DH group, and there is no more Forward Secrecy for DHE with that group.

Simple solution: Do not use common DH primes and use the same key size for RSA and DHE (2048+ bit). By the way: ssllabs tests for "Uses common DH primes" and "DH public server param (Ys) reuse".

Better solution: Use ECDHE.

All in all: If you do it right, DHE_RSA_AES_SHA is better than RSA_AES_SHA, but the best way is to use one of the "GCM ciphers" with ECDHE key exchange.

rugk commented 9 years ago

> It is "broken" like RSA - just for short Keys.

Yeah, but this won't change in the near future. In the article of the security researchers it's explained:

> Since weak use of Diffie-Hellman is widespread in standards and implementations, it will be many years before the problems go away, even given existing security recommendations and our new findings.

EFF also confirms this:

> However, 1024-bit Diffie-Hellman remains supported for the foreseeable future despite its vulnerability to NSA surveillance.

> The Other problem with Logjam is that some groups (primes) are often used, this makes it practicable to pre-calculate the dh-group and no more Forward Secrecy for DHE with the group. Simple solution: Do not use common DH primes and use the same Keysize for RSA and DHE (2048+ Bit) By the way: ssllabs tests for "Uses common DH primes" and "DH public server param (Ys) reuse" Better solution: Use ECDHE.

Yes, I know. The problem is just that this has to be done on the webserver. From the browser/client perspective you cannot really control this. Of course you can't perform an SSLLabs scan for every site you visit. But hey, we're at Ssleuth, so at least displaying and evaluating the DH key size could be done... --> So I found this issue: https://github.com/sibiantony/ssleuth/issues/22


Another (much better) way would of course be to block this connection based on the DH key size. I've opened a new issue about this: https://github.com/sibiantony/ssleuth/issues/39

sibiantony commented 9 years ago

@rugk It's easy to add another default list for DHE. The reason why I had made the whole thing customizable is that people can do it themselves. However,

  1. Firefox doesn't expose the DHE key sizes as of now. And that means blocking all DHE suites will also block the 2048+ bits ones.
  2. Some websites do only support DHE (no ECDHE etc.), and disabling the suites from the browser can break the connections.

Please continue this topic in #22.

rugk commented 9 years ago

> The reason why I had made the whole thing customizable is that people can do it themselves.

Yes, that's why I'm suggesting this. It should not be done automatically, but by themselves. I just thought this would be a nice default list - so it's much easier to disable the ciphers for new users. Additionally they may be made aware that something with these ciphers is wrong. (To do this in a better way it would of course be good to show a kind of description and/or link in the default lists there, for more information)

In the second case most connections will downgrade to non-Forward-Secrecy ciphers as these are almost always supported. (at least at the part of servers which use 1024bit DH keys)
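
The checks discussed in this thread (DH key size, common primes, Ys reuse), as an added example that is not part of the thread or of SSleuth's code. It assumes the raw ServerDHParams bytes of a TLS 1.2 ServerKeyExchange are available from a capture, since Firefox did not expose them to add-ons; `rateDhParams`, `sampleParams` and the sample bytes are hypothetical and constructed.

```javascript
// ServerDHParams (RFC 5246, 7.4.3): three opaque<1..2^16-1> vectors: p, g, Ys.
// Read one vector: 2-byte big-endian length followed by the value.
function readVector(bytes, offset) {
  if (offset + 2 > bytes.length) throw new RangeError('truncated length field');
  const len = (bytes[offset] << 8) | bytes[offset + 1];
  const end = offset + 2 + len;
  if (len === 0 || end > bytes.length) throw new RangeError('bad vector length');
  return { value: bytes.subarray(offset + 2, end), next: end };
}

// Bit length of a big-endian unsigned integer, ignoring leading zero bytes.
function bitLength(value) {
  let i = 0;
  while (i < value.length && value[i] === 0) i++;
  if (i === value.length) return 0;
  return (value.length - i - 1) * 8 + (32 - Math.clz32(value[i]));
}

const toHex = (v) => Array.from(v, (b) => b.toString(16).padStart(2, '0')).join('');

// knownPrimes: Set of hex strings of widely shared primes (caller-supplied).
// seenYs: Set of hex Ys values from earlier handshakes with the same server.
function rateDhParams(bytes, knownPrimes, seenYs, minBits = 2048) {
  const p = readVector(bytes, 0);
  const g = readVector(bytes, p.next);
  const ys = readVector(bytes, g.next);
  const ysHex = toHex(ys.value);
  const result = {
    primeBits: bitLength(p.value),
    weakSize: bitLength(p.value) < minBits,      // e.g. 1024-bit DHE
    commonPrime: knownPrimes.has(toHex(p.value)), // precomputation risk
    ysReused: seenYs.has(ysHex),                  // server reuses its DH value
  };
  seenYs.add(ysHex);
  return result;
}

// Constructed sample message: the "prime" only has the right size, it is not prime.
function sampleParams(bits) {
  const n = bits / 8;
  const buf = new Uint8Array(2 + n + 3 + 2 + n);
  buf.set([n >> 8, n & 0xff, 0x80], 0);         // p length, top bit of p set
  buf[2 + n - 1] = 0x01;                        // last byte of p
  buf.set([0, 1, 2], 2 + n);                    // g = 2
  buf.set([n >> 8, n & 0xff, 0x42], 2 + n + 3); // Ys length, first Ys byte
  return buf;
}
```
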