From nmav at gnutls.org Sat Nov 1 08:31:34 2014
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 01 Nov 2014 08:31:34 +0100
Subject: [mod_gnutls-devel] Does mod-gnutls supports GCM mode?
In-Reply-To: <1414796395.4796.15.camel@sal9000.rz.uni-konstanz.de>
References: <1414796395.4796.15.camel@sal9000.rz.uni-konstanz.de>
Message-ID: <1414827094.2482.31.camel@nomad.lan>

On Fri, 2014-10-31 at 23:59 +0100, Peter Ulber wrote:
> Hi,
> I tried hard to find suitable priority strings for my web server, using
> - debian wheezy 7.6
> - apache 2.2.22
> - gnutls 3.3.7
> - mod-gnutls 0.5.10
> For TLS 1.2 I wanted to use GCM instead of CBC, but it seems that
> mod-gnutls doesn't support that. It would be nice having it :)
> Additionally it's hard to find out what priority strings are actually
> supported. I looked it up here:

I don't know whether there are restrictions to the priority strings used
by mod_gnutls, but if you can freely select gnutls' strings, an
equivalent to what you had is the following:

"NORMAL:-VERS-SSL3.0:-RSA:-ARCFOUR-128:-SIGN-RSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA1:%SERVER_PRECEDENCE"

You can always see what a string enables using gnutls-cli -l --priority "xxx".

The string above would prioritize GCM over CBC for clients that support
it, and it will follow gnutls' defaults, which may change if there is
some other prioritization needed due to a new attack.

The difference with what you have is that it enables everything known to
be secure, and disables the algorithms known to be insecure. For example
your string disabled signing with SHA224, SHA384 and SHA512, as well as
elliptic curves, and there is no security reason for that.

Also beware that you shouldn't add -SIGN-RSA-SHA1 if your certificate is
signed with SHA1. It could cause issues to clients that strictly follow
the protocol (and is pointless, as anyway SHA1 remains the weakest link).
regards,
Nikos

From pu at uni-konstanz.de Tue Nov 4 07:38:43 2014
From: pu at uni-konstanz.de (Peter Ulber)
Date: Tue, 04 Nov 2014 07:38:43 +0100
Subject: [mod_gnutls-devel] Does mod-gnutls supports GCM mode?
In-Reply-To: <1414827094.2482.31.camel@nomad.lan>
References: <1414796395.4796.15.camel@sal9000.rz.uni-konstanz.de> <1414827094.2482.31.camel@nomad.lan>
Message-ID: <1415083123.3646.7.camel@sal9000.rz.uni-konstanz.de>

Hi,

> > For TLS 1.2 I wanted to use GCM instead of CBC, but it seems that
> > mod-gnutls doesn't support that. It would be nice having it :)
> > Additionally it's hard to find out what priority strings are actually
> > supported. I looked it up here:
>
> I don't know whether there are restrictions to the priority strings used
> by mod_gnutls, but if you can freely select gnutls' strings an
> equivalent to what you had is the following:
> "NORMAL:-VERS-SSL3.0:-RSA:-ARCFOUR-128:-SIGN-RSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA1:%SERVER_PRECEDENCE"

That string does not work with mod_gnutls (at least with v0.5), because
there seem to be restrictions when it comes to the priority strings, but
I found no proper documentation on what strings are actually allowed,
e.g. "%SERVER_PRECEDENCE" does not work.

> You can always see what a string enables using gnutls-cli -l --priority
> "xxx".

I know, but not everything which works with gnutls-cli will work with
mod_gnutls, e.g. the GCM mode for AES.

> The difference with what you have, is that it enables everything known
> to be secure, and disables the known to be insecure algorithms. For
> example your string disabled signing with SHA224, SHA384 and SHA512, as
> well as elliptic curves and there is no security reason for that.

I agree with you on SHA-2, but I am a bit sceptical when it comes to ECC,
e.g. there are some constants which may have a dubious origin ;-)

> Also beware that you shouldn't add -SIGN-RSA-SHA1 if your certificate is
> signed with SHA1.
> It could cause issues to clients that strictly follow
> the protocol (and is pointless as anyway SHA1 remains the weakest link).

Thx for that hint!

Regards,
Peter

--
Peter Ulber --- KIM Basisdienste an der Universität Konstanz
V404 (Tel: +49 7531 88 2622) - Mail/XMPP: pu at uni-konstanz.de
https://www.rz.uni-konstanz.de/rechenzentrum/team/peterulber
S/MIME Fingerprint: E1353193E1BD5ED2F34759168686ABAEFF1F7B9D
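Nikos's advice above is to check what a priority string actually enables with gnutls-cli -l --priority before deploying it. The following Python script is an added example, not code from the thread, GnuTLS or mod_gnutls: it audits a captured listing for the points raised in the discussion (GCM suites ranked above CBC, no RC4, no static RSA key exchange, no SSL 3.0). The sample listing is constructed to resemble that tool's layout; the exact column format is an assumption, only the suite and protocol names follow GnuTLS naming.

```python
import re

# Constructed sample, modelled on the listing gnutls-cli -l --priority "..."
# prints: one cipher suite per line (name, id bytes, minimum protocol) and a
# "Protocols:" summary line. The column layout is an assumption, not captured
# tool output; only the suite names follow GnuTLS naming.
SAMPLE_LISTING = """\
Cipher suites for NORMAL:-VERS-SSL3.0:-RSA:-ARCFOUR-128:%SERVER_PRECEDENCE
TLS_ECDHE_RSA_AES_128_GCM_SHA256        0xc0, 0x2f      TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384        0xc0, 0x30      TLS1.2
TLS_DHE_RSA_AES_128_GCM_SHA256          0x00, 0x9e      TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA1          0xc0, 0x13      SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1            0x00, 0x33      SSL3.0

Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0
"""

# A suite line: GnuTLS-style name, two id bytes, minimum protocol version.
SUITE_RE = re.compile(r"^(TLS_[A-Z0-9_]+)\s+0x[0-9a-f]{2},\s*0x[0-9a-f]{2}\s+\S+")


def parse_listing(text):
    """Return (cipher suites in listed order, enabled protocol versions)."""
    suites, protocols = [], []
    for line in text.splitlines():
        match = SUITE_RE.match(line)
        if match:
            suites.append(match.group(1))
        elif line.startswith("Protocols:"):
            protocols = [p.strip() for p in line.split(":", 1)[1].split(",")]
    return suites, protocols


def audit(text):
    """Report deviations from the policy discussed in the thread."""
    suites, protocols = parse_listing(text)
    findings = []
    first_gcm = next((i for i, s in enumerate(suites) if "_GCM_" in s), None)
    first_cbc = next((i for i, s in enumerate(suites) if "_CBC_" in s), None)
    if first_gcm is None:
        findings.append("no GCM suites enabled")
    elif first_cbc is not None and first_cbc < first_gcm:
        findings.append("a CBC suite is ranked above the first GCM suite")
    if any("ARCFOUR" in s for s in suites):
        findings.append("RC4 (ARCFOUR) suites still enabled")
    if any(s.startswith("TLS_RSA_") for s in suites):
        findings.append("static RSA key exchange (TLS_RSA_*) still enabled")
    if "VERS-SSL3.0" in protocols:
        findings.append("SSL 3.0 still enabled")
    return findings
```

Feed it the listing for the string mod_gnutls actually accepts rather than the one you intended, since, as Peter notes, the two can differ.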