TLS 1.2: AES_128_GCM or AES_256_CBC for better security?
GIANT_CRAB
New Member
AHSFDGSFDGAG
Luckily, I have been looking through all these cipher suites these few days
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA
HE-RSA-AES256-GCM-SHA384HE-RSA-AES256-SHA256HE-RSA-CAMELLIA256-SHAHE-RSA-AES256-SHA:!NULL:!eNULL:!aNULL:!DSS:!RC4:!DES:!3DES:-MEDIUM:-LOW
USE THAT, YOU GET BEST THING EVER. These are basically the only cipher suites with forward secrecy.
Luckily, I have been looking through all these cipher suites these few days
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA
HE-RSA-AES256-GCM-SHA384HE-RSA-AES256-SHA256HE-RSA-CAMELLIA256-SHAHE-RSA-AES256-SHA:!NULL:!eNULL:!aNULL:!DSS:!RC4:!DES:!3DES:-MEDIUM:-LOWUSE THAT, YOU GET BEST THING EVER. These are basically the only cipher suites with forward secrecy.
Wintereise
New Member
Going to FS only ciphers only will mean that legacy API clients (think curl / old wget with outdated certs) will all be unable to connect to you -- as @GIANT_CRAB found out today.
Use a mixture of older, and newer -- with preference on newer. And yes, GCM is preferred.
Use a mixture of older, and newer -- with preference on newer. And yes, GCM is preferred.
As I mentioned above, I don't worry about old clients. Because they are all my friends, they should change their browsers for their better privacy. Actually, I will setup seafile web interface for my friends so I will select the most secured cipher. For now, I don't see any browser support AES_256_GCM.
The reason why you don't see support for AES_256_GCM is because GCM operates on 128 bit blocks, with a 128 bit trailing MAC, yielding a 256 bit frame. In effect, there is no 256-bit GCM mode (this would yield a 512 bit frame) so there can't be a AES_256_GCM.
edit: thinko
edit: thinko
Last edited by a moderator:
The difficulty for encrypting and decrypting a 256-bit block is the same as a 128-bit block. Considering properly-implemented TLS uses a ratchet to change the session key after each N records sent, a 128-bit block cipher is actually more secure for two reasons:
1. Ratcheting will occur more frequently (it is done every N records), thusly compromise of a single session key means less data will be recovered.
2. The IV used is different for each block, so smaller block size = more IV variance, thusly more security. Basically it takes twice the CPU time to decrypt two 128-bit blocks as it would one 256-bit block.
GIANT_CRAB
New Member
FUCKING PAYPAL.
They should really updated their stupid curl shit.
EDIT:
This cipher suite should work for Payfail
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA
HE-RSA-AES256-GCM-SHA384HE-RSA-AES256-SHA256HE-RSA-CAMELLIA256-SHAHE-RSA-AES256-SHA:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:!NULL:!eNULL:!aNULL:!DSS:!RC4:!DES:!3DES:-MEDIUM:-LOW
Last edited by a moderator:
howardsl2
New Member
There is a website to test how well your site's SSL works. See if you can get an A+. To retest, click on "Clear cache" when the test is finished:
https://www.ssllabs.com/ssltest/
Here are the SSL ciphers I use (achieves Forward Secrecy):
ECDH+AESGCMH+AESGCM:ECDH+AES256H+AES256:ECDH+AES128H+AES:ECDH+3DESH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
Adding this line in Nginx configuration for HSTS:
add_header Strict-Transport-Security max-age=15768000;
In addition, set up OCSP Stapling as mentioned here. This should further speed up your site.
https://www.ssllabs.com/ssltest/
Here are the SSL ciphers I use (achieves Forward Secrecy):
ECDH+AESGCM
H+AESGCM:ECDH+AES256H+AES256:ECDH+AES128H+AES:ECDH+3DESH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;Adding this line in Nginx configuration for HSTS:
add_header Strict-Transport-Security max-age=15768000;
In addition, set up OCSP Stapling as mentioned here. This should further speed up your site.
Last edited by a moderator:
Not another Wikileaks site. But if I can set up a better mode, why don't I do it? At least I can learn something from your all advices :lol: Thank you all.