IETF Logo Mail Archive

Re: h2 ciphers

Stefan Eissing <stefan.eissing@greenbytes.de> Fri, 16 October 2015 14:08 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A31AA1B2BD5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 16 Oct 2015 07:08:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.112
X-Spam-Level:
X-Spam-Status: No, score=-5.112 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_24=0.6, J_CHICKENPOX_25=0.6, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USZCloD4E4vS for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 16 Oct 2015 07:08:21 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3319F1A92EB for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 16 Oct 2015 07:08:20 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Zn5dJ-0008LF-GH for ietf-http-wg-dist@listhub.w3.org; Fri, 16 Oct 2015 14:05:21 +0000
Resent-Date: Fri, 16 Oct 2015 14:05:21 +0000
Resent-Message-Id: <E1Zn5dJ-0008LF-GH@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <stefan.eissing@greenbytes.de>) id 1Zn5dG-0008Jr-5o for ietf-http-wg@listhub.w3.org; Fri, 16 Oct 2015 14:05:18 +0000
Received: from mail.greenbytes.de ([217.91.35.233]) by maggie.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <stefan.eissing@greenbytes.de>) id 1Zn5dE-0001Be-67 for ietf-http-wg@w3.org; Fri, 16 Oct 2015 14:05:17 +0000
Received: from [192.168.1.48] (unknown [87.78.174.25]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.greenbytes.de (Postfix) with ESMTPSA id 7E03D15A0472; Fri, 16 Oct 2015 16:04:53 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 9.0 \(3094\))
From: Stefan Eissing <stefan.eissing@greenbytes.de>
In-Reply-To: <081f0c00b022ce8c29f37d1c349c7706@webmail.linuxwall.info>
Date: Fri, 16 Oct 2015 16:04:52 +0200
Cc: ietf-http-wg@w3.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <C5B48ECA-219D-4017-B7A2-32DD7768F18C@greenbytes.de>
References: <47048ED2-374F-4542-A4DC-C1F39AD26C0A@greenbytes.de> <5620F6C1.9080200@treenet.co.nz> <081f0c00b022ce8c29f37d1c349c7706@webmail.linuxwall.info>
To: Julien Vehent <julien@linuxwall.info>
X-Mailer: Apple Mail (2.3094)
Received-SPF: pass client-ip=217.91.35.233; envelope-from=stefan.eissing@greenbytes.de; helo=mail.greenbytes.de
X-W3C-Hub-Spam-Status: No, score=-5.9
X-W3C-Hub-Spam-Report: AWL=-1.972, BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1Zn5dE-0001Be-67 f66b09043b47900e303eaf68bacb3260
X-Original-To: ietf-http-wg@w3.org
Subject: Re: h2 ciphers
Archived-At: <http://www.w3.org/mid/C5B48ECA-219D-4017-B7A2-32DD7768F18C@greenbytes.de>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/30373
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

> Am 16.10.2015 um 15:23 schrieb Julien Vehent <julien@linuxwall.info>:
> 
> On 2015-10-16 09:08, Amos Jeffries wrote:
>> HTTP/2 was designed to be implemented from a clean-slate situation.
>> Everybody is building new code based on the same spec, so there is no
>> legacy behaviours to be tolerant about.
> 
> (I'm the author of the Mozilla guidelines).

Thanks for that wiki!

> This is correct: the recommendation is for HTTP/1.1 where a significant amount of backward compatibility is required. The modern guidelines guarantee strong crypto on somewhat recent clients, but we can certainly do better for http/2.
> 
> We'll probably revise the guidelines in the coming months. In the meantime, on a h2 endpoint, I would recommend limiting it to these ciphers:
> 
> $ openssl ciphers -V 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384'
> 0xC0,0x2F  -  ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=ECDH  Au=RSA    Enc=AESGCM(128)  Mac=AEAD
> 0xC0,0x2B  -  ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AESGCM(128)  Mac=AEAD
> 0xC0,0x30  -  ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=ECDH  Au=RSA    Enc=AESGCM(256)  Mac=AEAD
> 0xC0,0x2C  -  ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AESGCM(256)  Mac=AEAD
> 
> Note: we don't recommend ECDHE-RSA-CHACHA20-POLY1305 because it's not yet a standard and our mozilla servers don't implement it, but feel free to use it :)

Now, Apache httpd will most often not be a "clean slate" h2 endpoint, but having to serve old, intermediate and modern clients and, among those modern ones, some that announce 'h2' in ALPN. 

When this arrives in Apache, the code needs to decide if it answers h2 or http/1.1 in an ALPN callback from the TLS layer
- the TLS layer has not yet decided on a cipher
- the TLS layer has no concept of a h2 compatible cipher list, best case it is configured with a "modern" list and server-order preference.
- the client cipher list is, I believe, not visible (and even if it was, we could only guess what the TLS layer selects later)

*crickets*

Am I overlooking something?

v2.29.0 | Report a Bug | By Email | System Status