Re: h2 ciphers

Julien Vehent <> Fri, 16 October 2015 13:26 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id D43561A1B07 for <>; Fri, 16 Oct 2015 06:26:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.313
X-Spam-Status: No, score=-3.313 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_24=0.6, J_CHICKENPOX_25=0.6, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rYDGPGKhpDV3 for <>; Fri, 16 Oct 2015 06:26:39 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C6A8A1A1B2A for <>; Fri, 16 Oct 2015 06:26:39 -0700 (PDT)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1Zn4zl-00014z-Sk for; Fri, 16 Oct 2015 13:24:29 +0000
Resent-Date: Fri, 16 Oct 2015 13:24:29 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1Zn4zj-00014I-By for; Fri, 16 Oct 2015 13:24:27 +0000
Received: from ([] by with esmtp (Exim 4.80) (envelope-from <>) id 1Zn4zc-0003v5-23 for; Fri, 16 Oct 2015 13:24:26 +0000
Received: from (unknown []) (Authenticated sender: julien) by (Postfix) with ESMTPA id 47DE3888FC2 for <>; Fri, 16 Oct 2015 15:23:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=lnw-necto; t=1445001837; bh=7qwYqRaWOgVfAwPidi+Ah+M50VlTDIYrZjPtY1HsI8g=; h=Date:From:To:Subject:In-Reply-To:References:From; b=kIeqYYp3VciRGOF4QdapAw5Cx+2lYWSI4FoeEjWfB5asOVsxo9npa+Wo9PSwbIkFQ mHnlpEeBH3BDQ+lmUDBfq+BV9nHQ4p09Zy/I/w9fpvnW2QimH/ewcsveQ3UaJtGOzD /QfeU1HVSyj0nW/65iH0MeyDopz/nkL62XKN9Hks=
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Fri, 16 Oct 2015 09:23:57 -0400
From: Julien Vehent <>
In-Reply-To: <>
References: <> <>
Message-ID: <>
User-Agent: Roundcube Webmail/1.1.2
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-2.1
X-W3C-Hub-Spam-Report: BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1Zn4zc-0003v5-23 fe649e45bf7732cb3c2da3b10e489872
Subject: Re: h2 ciphers
Archived-At: <>
X-Mailing-List: <> archive/latest/30371
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 2015-10-16 09:08, Amos Jeffries wrote:
> HTTP/2 was designed to be implemented from a clean-slate situation.
> Everybody is building new code based on the same spec, so there is no
> legacy behaviours to be tolerant about.

(I'm the author of the Mozilla guidelines).

This is correct: the recommendation is for HTTP/1.1 where a significant 
amount of backward compatibility is required. The modern guidelines 
guarantee strong crypto on somewhat recent clients, but we can certainly 
do better for http/2.

We'll probably revise the guidelines in the coming months. In the 
meantime, on a h2 endpoint, I would recommend limiting it to these 

$ openssl ciphers -V 
0xC0,0x2F  -  ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=ECDH  Au=RSA    
Enc=AESGCM(128)  Mac=AEAD
0xC0,0x2B  -  ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2  Kx=ECDH  Au=ECDSA  
Enc=AESGCM(128)  Mac=AEAD
0xC0,0x30  -  ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=ECDH  Au=RSA    
Enc=AESGCM(256)  Mac=AEAD
0xC0,0x2C  -  ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=ECDSA  
Enc=AESGCM(256)  Mac=AEAD

Note: we don't recommend ECDHE-RSA-CHACHA20-POLY1305 because it's not 
yet a standard and our mozilla servers don't implement it, but feel free 
to use it :)

- Julien