[Owasp_Top_10_fuer_Entwickler] A6-Verlust der Vertraulichkeit sensibler Daten: SSL-Ciphers

Torsten Gigler torsten.gigler at owasp.org
Do Apr 3 11:33:56 UTC 2014


Hallo,

auf der Mailing-Liste von bettercrypto.org (
http://lists.cert.at/cgi-bin/mailman/listinfo/ach) werden Einstellungen für
SSL diskutiert.

Ich habe dort die Vorschläge für unser Wiki parallel zur Diskussion
gestellt.
Was haltet Ihr von der vorgeschlagenen SSL-Policy?

Viele Grüße
Torsten

PS: Unsere A6-Seite ist inzwischen sehr lange geworden. Ich denke wir
sollten sie auf 2 'Laschen' aufteilen (z.B. JAVA (1) und (2)). Wenn nichts
dagegen spricht, passe ich demnächst das Template an, damit das
funktioniert.

---------- Forwarded message ----------
From: Torsten Gigler <torsten.gigler at owasp.org>
Date: 2014-04-03 13:20 GMT+02:00
Subject: Re: [Ach] Proposal to change B cipher spec
To: "ach at lists.cert.at" <ach at lists.cert.at>

Hi,

what do you think about discussing the cipher policy with
concrete proposals?

I'd like to contribute this policy for ciphers to the discussion:
* Highest Priority for Ciphers that support 'Forward Secrecy'
* Favor DHE over ECDHE (with a hint to check the performance)
* Favor GCM over CBC regardless of the cipher size
* Priorize the ciphers by the sizes of the Cipher and the MAC
* Favor RSA over ECDSA
* Append the list with Ciphers for legacy browsers and web crawlers
* Do not use RC4, MD5,... etc
* Ciphers should be usable for DH >= 2000 bits, without blocking latency
browsers

Conrete this results in this ciphers (grouped according above policy):
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
-------------------------------------------------
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)
=================================================
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
-------------------------------------------------
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
=================================================
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
-------------------------------------------------
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)

This could be reached by this cipher string:
openssl ciphers -V
EDH+aRSA+AESGCM:EDH+aRSA+AES:DHE-RSA-AES256-SHA:-DHE-RSA-AES128-SHA:EECDH+AESGCM:EECDH+AES:RSA+AESGCM:RSA+AES+SHA:DES-CBC3-SHA

Remarks:
'-DHE-RSA-AES128-SHA': used to be able to use DH >= 2000 bits, without
blocking latency browsers
'DHE-RSA-AES256-SHA': for compatibility reasons for elder versions of
openssl

What do you think about this proposal? Which recommendations do you see?
Kind regards

Torsten

More Info in German (DRAFT!):
https://www.owasp.org/index.php/Germany/Projekte/Top_10_fuer_Entwickler-2013/A6-Verlust_der_Vertraulichkeit_sensibler_Daten
(Verteidigungs-Option 2a gegen 'Verlust der Vertraulichkeit sensibler
Daten')
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <http://lists.owasp.org/pipermail/owasp_top_10_fuer_entwickler/attachments/20140403/c66ddcc8/attachment.html>


More information about the Owasp_Top_10_fuer_Entwickler mailing list