Re: [TLS] sect571r1
Rob Stradling <rob.stradling@comodo.com> Wed, 15 July 2015 22:53 UTC
Return-Path: <rob.stradling@comodo.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4F0B1B2E62 for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 15:53:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I2kbB0y47yNo for <tls@ietfa.amsl.com>; Wed, 15 Jul 2015 15:53:37 -0700 (PDT)
Received: from mmextmx2.mcr.colo.comodoca.net (mmextmx2.mcr.colo.comodoca.net [IPv6:2a02:1788:402:c00::c0a8:9cd6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D1871B2E41 for <tls@ietf.org>; Wed, 15 Jul 2015 15:53:37 -0700 (PDT)
Received: (qmail 18767 invoked by uid 1004); 15 Jul 2015 22:53:35 -0000
Received: from ian.brad.office.comodo.net (HELO ian.brad.office.comodo.net) (192.168.0.202) by mmextmx2.mcr.colo.comodoca.net (qpsmtpd/0.84) with ESMTP; Wed, 15 Jul 2015 23:53:35 +0100
Received: (qmail 6369 invoked by uid 1000); 15 Jul 2015 22:53:35 -0000
Received: from and0004.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (AES128-SHA encrypted) ESMTPSA; Wed, 15 Jul 2015 23:53:35 +0100
Message-ID: <55A6E46F.7060106@comodo.com>
Date: Wed, 15 Jul 2015 23:53:35 +0100
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Dave Garrett <davemgarrett@gmail.com>, tls@ietf.org
References: <201507151413.22408.davemgarrett@gmail.com><20150715210637.GT12152@cph.win.tue.nl><201507151739.27053.davemgarrett@gmail.com><201507151742.48038.davemgarrett@gmail.com> <55A6DE59.8080409@comodo.com>
In-Reply-To: <55A6DE59.8080409@comodo.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Rs_IwwLIMd2_smiNn9UqwmNhe6Y>
Subject: Re: [TLS] sect571r1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 22:53:41 -0000
On 15/07/15 23:27, Rob Stradling wrote: > AIUI, OpenSSL's default highest preference curve is sect571r1 (aka > B-571). See [1] and [2]. > > The result of calling OpenSSL's recommended SSL_CTX_set_ecdh_auto(ctx, > 1) function is that "the highest preference curve is automatically used > for ECDH temporary keys used during key exchange." [3] > > And sure enough, when my SSL scanner (an OpenSSL-based client) scans > itself (an httpd/mod_ssl/OpenSSL-based server) [4], it reports that > sect571r1 is used. I haven't explicitly configured it to use this > curve. In fact, I would reconfigure it to use secp256r1 if I could find > a mod_ssl directive that would let me do that. > > So I'm wondering if most people using sect571r1 are using it simply > because it's a default setting that they can't change, not because they > have a particularly strong desire to use it. s/that they can't change// In httpd 2.4, the supported curve(s) can be configured using the SSLOpenSSLConfCmd directive. (Thanks to Steve Henson for pointing me in the right direction just now). > +1 to dropping sect571r1 and to Tony's suggestion of further trimming > the curve list. > > > [1] > https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.0.1l > > [2] > https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.0.2 > > [3] http://openssl.org/docs/ssl/SSL_CTX_set_ecdh_auto.html > > [4] https://sslanalyzer.comodoca.com/?url=sslanalyzer.comodoca.com > > On 15/07/15 22:42, Dave Garrett wrote: >> On Wednesday, July 15, 2015 05:39:26 pm Dave Garrett wrote: >>> It's the most used of the rarely used curves. >> >> This statement is potentially confusing, actually, because in >> comparison to P256 _everything_ is rarely used when it comes to ECDHE. >> >> >> Dave >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> > -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online Office Tel: +44.(0)1274.730505 Office Fax: +44.(0)1274.730909 www.comodo.com COMODO CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by COMODO for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.
- Re: [TLS] sect571r1 Tony Arcieri
- [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Benjamin Beurdouche
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Yoav Nir
- Re: [TLS] sect571r1 Eric Rescorla
- Re: [TLS] sect571r1 Viktor Dukhovni
- Re: [TLS] sect571r1 Deirdre Connolly
- Re: [TLS] sect571r1 Adam Langley
- Re: [TLS] sect571r1 Tanja Lange
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Dan Brown
- Re: [TLS] sect571r1 Tony Arcieri
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Rob Stradling
- Re: [TLS] sect571r1 Rob Stradling
- Re: [TLS] sect571r1 Martin Thomson
- Re: [TLS] sect571r1 Brian Smith
- Re: [TLS] sect571r1 Tony Arcieri
- Re: [TLS] sect571r1 Eric Rescorla
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Martin Rex
- Re: [TLS] sect571r1 Tony Arcieri
- [TLS] (selection criteria for crypto primitives) … Rene Struik
- Re: [TLS] (selection criteria for crypto primitiv… Tony Arcieri
- Re: [TLS] sect571r1 Dan Brown
- Re: [TLS] (selection criteria for crypto primitiv… Jeffrey Walton
- Re: [TLS] (selection criteria for crypto primitiv… Tony Arcieri
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Dave Garrett
- Re: [TLS] sect571r1 Jeffrey Walton
- Re: [TLS] sect571r1 Tony Arcieri
- Re: [TLS] sect571r1 Viktor Dukhovni
- Re: [TLS] sect571r1 Jeffrey Walton
- Re: [TLS] sect571r1 Jeffrey Walton
- Re: [TLS] sect571r1 Viktor Dukhovni
- Re: [TLS] (selection criteria for crypto primitiv… Dave Garrett
- Re: [TLS] sect571r1 Yoav Nir
- Re: [TLS] sect571r1 Salz, Rich
- Re: [TLS] (selection criteria for crypto primitiv… Viktor Dukhovni
- Re: [TLS] sect571r1 Tony Arcieri
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] sect571r1 Hubert Kario
- Re: [TLS] (selection criteria for crypto primitiv… Johannes Merkle
- Re: [TLS] (selection criteria for crypto primitiv… Ilari Liusvaara
- Re: [TLS] (selection criteria for crypto primitiv… Dave Garrett
- Re: [TLS] (selection criteria for crypto primitiv… Ilari Liusvaara
- Re: [TLS] (selection criteria for crypto primitiv… Eric Rescorla
- Re: [TLS] sect571r1 Sean Turner