Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 11: | Line 11: | ||
|- | |- | ||
| <span style="color:green;">'''READY'''</span> || | | <span style="color:green;">'''READY'''</span> || | ||
* Version 3.6: ulfr: bump intermediate DHE to 2048, add note about java compatibility | |||
* Version 3.5: alm: comment on weakdh vulnerability | * Version 3.5: alm: comment on weakdh vulnerability | ||
* Version 3.4: ulfr: added note about session resumption, HSTS and HPKP | * Version 3.4: ulfr: added note about session resumption, HSTS and HPKP | ||
| Line 35: | Line 36: | ||
</tr></table> | </tr></table> | ||
Updates to this page should be submitted to the | Updates to this page should be submitted to the [https://github.com/mozilla/server-side-tls source repository on github]. | ||
If you are looking for the configuration generator, follow this link: | If you are looking for the configuration generator, follow this link: [https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://mozilla.github.io/server-side-tls/ssl-config-generator/]. | ||
= Recommended configurations = | = Recommended configurations = | ||
| Line 74: | Line 75: | ||
* Versions: '''TLSv1, TLSv1.1, TLSv1.2''' | * Versions: '''TLSv1, TLSv1.1, TLSv1.2''' | ||
* RSA key size: '''2048''' | * RSA key size: '''2048''' | ||
* DH Parameter size: ''' | * DH Parameter size: '''2048''' (see [Security/Server Side TLS#DHE_and_Java DHE and Java] for details) | ||
* Elliptic curves: '''secp256r1, secp384r1, secp521r1''' (at a minimum) | * Elliptic curves: '''secp256r1, secp384r1, secp521r1''' (at a minimum) | ||
* Certificate signature: '''SHA-256''' | * Certificate signature: '''SHA-256''' | ||
| Line 198: | Line 199: | ||
-----END DH PARAMETERS----- | -----END DH PARAMETERS----- | ||
</source> | </source> | ||
== DHE and Java == | |||
Java 6 and 7 do not support Diffie-Hellman parameters larger than 1024 bits. If your server expects to receive connections from java 6 clients and wants to enable PFS, it must provide a DHE parameter of 1024 bits. | |||
The case of Java 7 is a bit different. Java 7 supports ECDHE ciphers, so if the server provides ECDHE and prioritizes it before DHE ciphers using server side ordering, then Java 7 will use ECDHE and not care about the size of the DHE parameter. In this situation, the server can use 2048 bits DHE parameters for all other clients. | |||
However, if the server does not support ECDHE, then Java 7 will use DHE and fail if the parameter is larger than 1024 bits. When failing, the handshake will not attempt to fall back to the next cipher in line, but simply fail with the error "java.lang.RuntimeException: Could not generate DH keypair". | |||
{| class="wikitable" | |||
|- | |||
! Java supported !! ECDHE prioritized !! smallest DH parameter size | |||
|- | |||
| 6 || irrelevant || 1024 | |||
|- | |||
| 7 || NO || 1024 | |||
|- | |||
| 7 || YES || 2048 | |||
|- | |||
| 8 || irrelevant || 2048 | |||
|} | |||
= OCSP Stapling = | = OCSP Stapling = | ||