[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#31946: 27.0.50; The NSM should warn about more TLS problems

From: Jimmy Yuen Ho Wong
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Thu, 28 Jun 2018 16:58:51 +0100

> So, the client side can't be patched, and the server side doesn't really
> need to be patched (just leave the "reuse ephemeral key" option turned
> off).

He's talking about GnuTLS servers, nobody uses GnuTLS on the
server-side, also GnuTLS' implementation of RFC 7919 doesn't seem to
be in 3.5.x branch.

A bit more update from my research, the authoritative list of browser
capabilities is actually https://www.ssllabs.com/ssltest/clients.html
. We can see that only IE and Opera still support DHE_RSA KX, and
these browsers don't matter as game changers.

Unless we plan to require GnuTLS 3.6+, we'll definitely need to warn
in the 'medium level. This is a super simple check.

> Furthermore, it seems gnutls has added support for standardized primes,
> so that pretty much resolves the issue as much as it can be:

WRT RFC 7919, IMO, it is dead on arrival, even when it is approved.
With DHE based ciphers removed in browsers, the only real options are
TLS 1.2/1.3 with ECDHE KX, and fall back to TLS 1.2 with RSA KX.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]