Re: [TLS] sect571r1

Rob Stradling <rob.stradling@comodo.com> Wed, 15 July 2015 22:53 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4F0B1B2E62 for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 15:53:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I2kbB0y47yNo for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 15:53:37 -0700 (PDT)
Received: from mmextmx2.mcr.colo.comodoca.net (mmextmx2.mcr.colo.comodoca.net [IPv6:2a02:1788:402:c00::c0a8:9cd6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D1871B2E41 for <tls@ietf.org>; Wed, 15 Jul 2015 15:53:37 -0700 (PDT)
Received: (qmail 18767 invoked by uid 1004); 15 Jul 2015 22:53:35 -0000
Received: from ian.brad.office.comodo.net (HELO ian.brad.office.comodo.net) (192.168.0.202) by mmextmx2.mcr.colo.comodoca.net (qpsmtpd/0.84) with ESMTP; Wed, 15 Jul 2015 23:53:35 +0100
Received: (qmail 6369 invoked by uid 1000); 15 Jul 2015 22:53:35 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Wed, 15 Jul 2015 23:53:35 +0100
Message-ID: <55A6E46F.7060106@comodo.com>
Date: Wed, 15 Jul 2015 23:53:35 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Dave Garrett <davemgarrett@gmail.com>, tls@ietf.org
References: <201507151413.22408.davemgarrett@gmail.com><20150715210637.GT12152@cph.win.tue.nl><201507151739.27053.davemgarrett@gmail.com><201507151742.48038.davemgarrett@gmail.com> <55A6DE59.8080409@comodo.com>
In-Reply-To: <55A6DE59.8080409@comodo.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Rs_IwwLIMd2_smiNn9UqwmNhe6Y>
Subject: Re: [TLS] sect571r1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 22:53:41 -0000

On 15/07/15 23:27, Rob Stradling wrote:
> AIUI, OpenSSL's default highest preference curve is sect571r1 (aka
> B-571).  See [1] and [2].
>
> The result of calling OpenSSL's recommended SSL_CTX_set_ecdh_auto(ctx,
> 1) function is that "the highest preference curve is automatically used
> for ECDH temporary keys used during key exchange." [3]
>
> And sure enough, when my SSL scanner (an OpenSSL-based client) scans
> itself (an httpd/mod_ssl/OpenSSL-based server) [4], it reports that
> sect571r1 is used.  I haven't explicitly configured it to use this
> curve.  In fact, I would reconfigure it to use secp256r1 if I could find
> a mod_ssl directive that would let me do that.
>
> So I'm wondering if most people using sect571r1 are using it simply
> because it's a default setting that they can't change, not because they
> have a particularly strong desire to use it.

s/that they can't change//

In httpd 2.4, the supported curve(s) can be configured using the 
SSLOpenSSLConfCmd directive.  (Thanks to Steve Henson for pointing me in 
the right direction just now).

> +1 to dropping sect571r1 and to Tony's suggestion of further trimming
> the curve list.
>
>
> [1]
> https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.0.1l
>
> [2]
> https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.0.2
>
> [3] http://openssl.org/docs/ssl/SSL_CTX_set_ecdh_auto.html
>
> [4] https://sslanalyzer.comodoca.com/?url=sslanalyzer.comodoca.com
>
> On 15/07/15 22:42, Dave Garrett wrote:
>> On Wednesday, July 15, 2015 05:39:26 pm Dave Garrett wrote:
>>> It's the most used of the rarely used curves.
>>
>> This statement is potentially confusing, actually, because in
>> comparison to P256 _everything_ is rarely used when it comes to ECDHE.
>>
>>
>> Dave
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you have received this email in error please notify the 
sender by replying to the e-mail containing this attachment. Replies to 
this email may be monitored by COMODO for operational or business 
reasons. Whilst every endeavour is taken to ensure that e-mails are free 
from viruses, no liability can be accepted and the recipient is 
requested to use their own virus checking software.