Re: [TLS] sect571r1

Rob Stradling <rob.stradling@comodo.com> Wed, 15 July 2015 22:27 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA3D11B3532 for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 15:27:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BC1CCkVAJNRg for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 15:27:40 -0700 (PDT)
Received: from mmextmx1.mcr.colo.comodoca.net (mmextmx1.mcr.colo.comodoca.net [IPv6:2a02:1788:402:c00::c0a8:9cd5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA36E1B352B for <tls@ietf.org>; Wed, 15 Jul 2015 15:27:39 -0700 (PDT)
Received: (qmail 27276 invoked by uid 1004); 15 Jul 2015 22:27:37 -0000
Received: from ian.brad.office.comodo.net (HELO ian.brad.office.comodo.net) (192.168.0.202) by mmextmx1.mcr.colo.comodoca.net (qpsmtpd/0.84) with ESMTP; Wed, 15 Jul 2015 23:27:37 +0100
Received: (qmail 32234 invoked by uid 1000); 15 Jul 2015 22:27:37 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Wed, 15 Jul 2015 23:27:37 +0100
Message-ID: <55A6DE59.8080409@comodo.com>
Date: Wed, 15 Jul 2015 23:27:37 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Dave Garrett <davemgarrett@gmail.com>, tls@ietf.org
References: <201507151413.22408.davemgarrett@gmail.com><20150715210637.GT12152@cph.win.tue.nl><201507151739.27053.davemgarrett@gmail.com> <201507151742.48038.davemgarrett@gmail.com>
In-Reply-To: <201507151742.48038.davemgarrett@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LugxcEge2WPZVqNfMhL020N7RTY>
Subject: Re: [TLS] sect571r1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 22:27:44 -0000

AIUI, OpenSSL's default highest preference curve is sect571r1 (aka 
B-571).  See [1] and [2].

The result of calling OpenSSL's recommended SSL_CTX_set_ecdh_auto(ctx, 
1) function is that "the highest preference curve is automatically used 
for ECDH temporary keys used during key exchange." [3]

And sure enough, when my SSL scanner (an OpenSSL-based client) scans 
itself (an httpd/mod_ssl/OpenSSL-based server) [4], it reports that 
sect571r1 is used.  I haven't explicitly configured it to use this 
curve.  In fact, I would reconfigure it to use secp256r1 if I could find 
a mod_ssl directive that would let me do that.

So I'm wondering if most people using sect571r1 are using it simply 
because it's a default setting that they can't change, not because they 
have a particularly strong desire to use it.

+1 to dropping sect571r1 and to Tony's suggestion of further trimming 
the curve list.


[1] 
https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.0.1l

[2] 
https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.0.2

[3] http://openssl.org/docs/ssl/SSL_CTX_set_ecdh_auto.html

[4] https://sslanalyzer.comodoca.com/?url=sslanalyzer.comodoca.com

On 15/07/15 22:42, Dave Garrett wrote:
> On Wednesday, July 15, 2015 05:39:26 pm Dave Garrett wrote:
>> It's the most used of the rarely used curves.
>
> This statement is potentially confusing, actually, because in comparison to P256 _everything_ is rarely used when it comes to ECDHE.
>
>
> Dave
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online