Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New feature request: x25519 Key Exchange #3157

Open
biergaizi opened this issue Feb 4, 2017 · 3 comments
Open

New feature request: x25519 Key Exchange #3157

biergaizi opened this issue Feb 4, 2017 · 3 comments

Comments

@biergaizi
Copy link

@biergaizi biergaizi commented Feb 4, 2017

Currently, the good old DHE Key Exhange in TLS is vulnerable on many legacy systems, the web industry switched to ECDHE to get away from the old systems, also for better performance.

However, ECDHE Key Exchange is using one of the NIST P-series elliptic curves, which have unexplained parameters, random seeds and design choices, also prone to many implementation mistakes. Some speculated the whole curve is an attempt to intentionally weaken the crypto strength by the NSA.

In response, Daniel J. Bernstein's faster, clearer more securer alternative elliptic curve, Curve25519 is getting more and more support. Now, it is supported by FireFox and Chrome as an accepted ECDHE algorithm. Microsoft Edge's team also stated that they would like to support it in the future.

It is useful to document the support of x25519 key exchange.

@biergaizi
Copy link
Author

@biergaizi biergaizi commented Feb 4, 2017

FireFox 51 is released in Jan 24, 2017, upgraded the NSS library to 3.28, which supports x25519.

@biergaizi
Copy link
Author

@biergaizi biergaizi commented Feb 4, 2017

x25519 in enabled by default in:

  • Chrome for desktop release 50
  • Chrome for Android release 50
  • Android WebView release 50
  • Opera release 37
  • Opera for Android release 37

@ElleshaHackett
Copy link
Contributor

@ElleshaHackett ElleshaHackett commented Apr 23, 2017

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants