New feature request: x25519 Key Exchange #3157

Open
biergaizi opened this Issue Feb 4, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@biergaizi

biergaizi commented Feb 4, 2017

Currently, the good old DHE Key Exhange in TLS is vulnerable on many legacy systems, the web industry switched to ECDHE to get away from the old systems, also for better performance.

However, ECDHE Key Exchange is using one of the NIST P-series elliptic curves, which have unexplained parameters, random seeds and design choices, also prone to many implementation mistakes. Some speculated the whole curve is an attempt to intentionally weaken the crypto strength by the NSA.

In response, Daniel J. Bernstein's faster, clearer more securer alternative elliptic curve, Curve25519 is getting more and more support. Now, it is supported by FireFox and Chrome as an accepted ECDHE algorithm. Microsoft Edge's team also stated that they would like to support it in the future.

It is useful to document the support of x25519 key exchange.

@biergaizi

This comment has been minimized.

Show comment
Hide comment
@biergaizi

biergaizi Feb 4, 2017

FireFox 51 is released in Jan 24, 2017, upgraded the NSS library to 3.28, which supports x25519.

FireFox 51 is released in Jan 24, 2017, upgraded the NSS library to 3.28, which supports x25519.

@biergaizi

This comment has been minimized.

Show comment
Hide comment
@biergaizi

biergaizi Feb 4, 2017

x25519 in enabled by default in:

  • Chrome for desktop release 50
  • Chrome for Android release 50
  • Android WebView release 50
  • Opera release 37
  • Opera for Android release 37

biergaizi commented Feb 4, 2017

x25519 in enabled by default in:

  • Chrome for desktop release 50
  • Chrome for Android release 50
  • Android WebView release 50
  • Opera release 37
  • Opera for Android release 37
@Calico90

This comment has been minimized.

Show comment
Hide comment
@Calico90

Calico90 Apr 23, 2017

Contributor

+1

Contributor

Calico90 commented Apr 23, 2017

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment