X.509 certificates for https://gnupg.org

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Dec 17 18:52:16 CET 2013


On 12/17/2013 10:37 AM, Werner Koch wrote:
> On Mon, 16 Dec 2013 21:35, dkg at fifthhorseman.net said:
> 
>> Werner, if i can help with configuring or maintaining the web server for
>> gnupg.org to address some of these issues, please let me know.
> 
> Yes, I have problems figuring out a working cipher list which also
> allows for IE.  What DHE cipher suite may I use with IE given that I
> have only an RSA certificate?  Or should I simply give up on PFS for IE
> users?  The active ciphers are right now:
> 
> ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1

I think it depends on what flavor of IE you're using (and what version
of the underlying OS you're using as well).  The version of schannel in
Windows XP doesn't support ECDHE (or AES(!)) at all, and i don't think
any version of schannel supports DHE-RSA if i'm reading these tech
reports correctly:

Cipher Suites in Schannel
 http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx

Schannel Cipher Suites in Windows Vista:
 http://msdn.microsoft.com/en-us/library/windows/desktop/ff468651%28v=vs.85%29.aspx

TLS Cipher Suites in Windows XP and Windows Server 2003:
 http://msdn.microsoft.com/en-us/library/windows/desktop/aa380512%28v=vs.85%29.aspx

Secure Sockets Layer Protocol (v2 and v3) in Windows XP and Windows
Server 2003:
 http://msdn.microsoft.com/en-us/library/windows/desktop/aa380124%28v=vs.85%29.aspx

If you want to be able to support these systems, you may need to add a
low-priority "Lowest Common Denominator" ciphersuite to match them.
Sadly, that seems likely to be TLS_RSA_WITH_3DES_EDE_CBC_SHA, unless
you somehow can score a DSA certificate for the service as well (since
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA seems to be the only PFS ciphersuite
supported by XP's native TLS stack).  I've never even tried to get a DSA
certificate for a web server from any member of the CA cartel.  Have you?

If you want to discourage clients from picking the
lowest-common-denominator ciphersuite unless it's the only one they
support, you should probably set "SSLHonorCipherOrder 1" in your pound
configuration.

> p.s.
> Attached is I my SSLNoCompression patch for Debian's pound in case
> someone is interested.

Thanks, i've forwarded that to http://bugs.debian.org/727197

Regards,

	--dkg
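The negotiation the reply describes, as an added example that is not code from the thread, from Pound or from GnuPG: it parses the server's cipher list in the `openssl ciphers -v` format quoted above, restricts it to suites the server's certificate can authenticate (RSA only, or RSA plus a DSA certificate), and shows which suite two clients end up with depending on whether the server's preference order is honored. The first three server lines are the ones quoted in the thread; the two 3DES lines and both client offer lists are constructed here from the claims in the reply (XP: only RSA/3DES and DHE-DSS/3DES, no AES, no ECDHE) and are assumptions, not measured client behaviour.

```python
"""Simulate TLS cipher-suite selection for the cipher list quoted in the
thread, with and without the server honoring its own preference order.

Added example; not code from the thread, Pound or GnuPG.  Client lists
are constructed from the reply's reading of the Schannel docs, not measured.
"""

import re

# Server cipher list in `openssl ciphers -v` format.  The first three lines
# are the ones Werner reported; the last two are constructed to show the
# "lowest common denominator" fallback and the DSA-certificate option.
SERVER_CIPHER_OUTPUT = """\
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
"""

# Constructed ClientHello offers, in the client's preference order.
# "xp": only RSA/3DES and DHE-DSS/3DES, as the reply reads the Schannel docs.
# "modern": hypothetical client that lists 3DES first, to show why the
# server's order (SSLHonorCipherOrder) matters.
CLIENT_OFFERS = {
    "xp": ["DES-CBC3-SHA", "DHE-DSS-DES-CBC3-SHA"],
    "modern": ["DES-CBC3-SHA", "DHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-SHA"],
}

_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_cipher_line(line):
    """Parse one `openssl ciphers -v` line into its columns (name, proto, kx, au, enc, mac)."""
    parts = line.split()
    suite = {"name": parts[0], "proto": parts[1]}
    for key, value in _FIELD.findall(" ".join(parts[2:])):
        suite[key.lower()] = value
    return suite


def parse_cipher_list(text):
    return [parse_cipher_line(line) for line in text.splitlines() if line.strip()]


def is_forward_secret(suite):
    """Ephemeral key exchange shows as Kx=DH or Kx=ECDH in this output.
    RSA key transport (Kx=RSA) and static variants (e.g. Kx=DH/RSA in older
    OpenSSL output) are not forward secret, so exact matching is intended."""
    return suite["kx"] in ("DH", "ECDH")


def server_offer(suites, cert_types):
    """Suites the server can really use, in its preference order: the Au
    column must match a certificate type the server holds."""
    return [s["name"] for s in suites if s["au"] in cert_types]


def negotiate(server_names, client_names, honor_server_order):
    """First match in server order if the server honors its own order,
    otherwise first match in the client's order.  None means no common suite."""
    first, second = (
        (server_names, client_names) if honor_server_order else (client_names, server_names)
    )
    for name in first:
        if name in second:
            return name
    return None


def outcome(cert_types, client, honor_server_order=True):
    """Return (negotiated suite name or None, forward secret?) for one scenario."""
    suites = parse_cipher_list(SERVER_CIPHER_OUTPUT)
    chosen = negotiate(server_offer(suites, cert_types), CLIENT_OFFERS[client], honor_server_order)
    if chosen is None:
        return None, False
    by_name = {s["name"]: s for s in suites}
    return chosen, is_forward_secret(by_name[chosen])


if __name__ == "__main__":
    scenarios = [
        (("RSA",), "xp", True),          # fallback only: no PFS for XP
        (("RSA", "DSS"), "xp", True),    # DSA cert added: XP gets DHE-DSS PFS
        (("RSA",), "modern", False),     # client order wins: 3DES, no PFS
        (("RSA",), "modern", True),      # SSLHonorCipherOrder 1: ECDHE, PFS
    ]
    for cert_types, client, honor in scenarios:
        name, pfs = outcome(cert_types, client, honor)
        print(f"certs={'+'.join(cert_types):8} client={client:7} "
              f"honor_order={honor!s:5} -> {name} (PFS: {pfs})")
```

Run it directly to see the four cases side by side. The "modern" rows are the reason for `SSLHonorCipherOrder 1`: with the same server list and the same client offer, letting the client's order decide yields the 3DES fallback, while honoring the server's order yields ECDHE-RSA. Dropping the `DES-CBC3-SHA` line entirely makes the "xp" case fail to negotiate at all, which is the trade-off the reply describes.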
