Closed moparisthebest closed 10 years ago
Yes, this is spdylay issue. We have to explicitly enable ECDHE ciphers by specifying curve name. I'm also new to this. I'll do some research.
Well it's good to know this is a spdylay issue and that it can be solved! From the lighttpd documentation I linked to, I see this option:
ssl.ec-curve defines the set of elliptic-curve-cryptography domain parameters known as a "named curve" (lighttpd >= 1.4.29 only)
So is that the option we need in spdylay? If so we could probably look at the lighttpd code for the right thing to do with it?
For completeness, the option is desired. The commit 6a413e5 adds ECDH cipher support and its elliptic curve is hard coded P-256 for now, which works just fine today.
Excellent, and somewhat of a success, ECDHE ciphers are supported, here is my current cipher list:
ciphers=ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA25 ECDHE-RSA-RC4-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-DES-CBC3-SHA6 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES256-SHA256 RC4 HIGH !MD5 !aNULL !eNULL
However, as you can see here: https://www.ssllabs.com/ssltest/analyze.html?d=moparisthebest.com
None of the DHE ciphers are supported, I'm thinking it needs some more parameters to support this perhaps like lighttpd's dh-file? Currently lack of DHE ciphers is the only difference between my configuration and this one: https://www.ssllabs.com/ssltest/analyze.html?d=fastmail.fm&s=66.111.4.55
And it looks like there are still a decent number of browsers that would take DHE over RC4 if it was available, but can't take ECDHE. Any thoughts?
Well, I thought you want ECDHE. And yes, for DHE we need additional parameters. It seems google.com has this trend too.
You definitly added ECDHE cipher support, which is indeed what I created this for. I didn't realize DHE was all that different until I ran it though, sorry about that. Would you rather I create a new issue or just keep this one?
I acknowledged DHE support request, so just keep this issue open.
OK, DHE cipher suites support added in 3843312 Please read the commit message to know how to use.
Awesome, DHE ciphers are now supported as well, which when used in combination with ECDHE ciphers allows users of shrpx to provide forward secrecy to every client that currently supports forward secrecy:
https://www.ssllabs.com/ssltest/analyze.html?d=moparisthebest.com
For anyone interested I created the dhparams.pem file just as the commit message mentioned, and my ciphers list looks like this:
ciphers=ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA25 ECDHE-RSA-RC4-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-DES-CBC3-SHA6 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES256-SHA256 RC4 HIGH !MD5 !aNULL !eNULL
As far as the rating goes, it did drop my 'key exchange' rating down from 100 to 80, though I'm not sure why yet.
As far as I'm concerned this issue is resolved, thanks much!
It seems that ssllabs checks the key size used in key agreement. With 1024bit DH parameters, DH key size is also 1024bit. Without DHE-RSA, your 4096bit server public key gets highest rating, but with DHE-RSA, key size is down to 1024, so the down rating.
I admit I'm no expert on SSL topics, but I'm trying to enable forward secrecy on my website by preferring ECDHE ciphers, honor-cipher-order=yes and no matter if my ciphers are set to any of the following, I still only show the same list of ciphers offered to the client, while all but the first one should show many ECDHE ciphers as well, right?
The server is an up-to-date Ubuntu 12.04 Precise, with the same results for shrpx 0.3.8 and the current commit in git, freshly compiled. My OpenSSL supports these just fine:
Which is what ciphers is currently set to, but you can see no ECDHE ciphers are offered to the client: https://www.ssllabs.com/ssltest/analyze.html?d=moparisthebest.com where as other websites do show it: https://www.ssllabs.com/ssltest/analyze.html?d=fastmail.fm https://www.ssllabs.com/ssltest/analyze.html?d=google.com
I do notice lighttpd has ssl config options like dh-file and ec-curve, maybe shrpx needs them too? http://redmine.lighttpd.net/projects/lighttpd/wiki/docs_ssl
Honestly, I'm not 100% sure if this is an issue with Ubuntu 12.04, spdylay, my keys/certificates, or what else the issue could be, but I think it's probably spdylay.
Any ideas?