-
Notifications
You must be signed in to change notification settings - Fork 693
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support cipher / key-agreement preferences #1
Comments
After some thought and much discussion, this might be a bad idea. Most customers, administrators and so on do not have an in-depth understanding of SSL/TLS cipher suites; and so asking them to configure an order is a bit like passing the buck. It would be better if s2n chose sane defaults. Since library users must maintain good deployment practices for software bugs, it seems sensible to use this same process to handle updates in the "safe" cipher suites too. At the same time, users should be free to validate and test new defaults, as well as insulate themselves from change. To try to get both it's proposed that s2n support checkpointed defaults. What that means is:
|
This change moves the minimum protocol version into our versioned sets of cipher suite configurations. This means that users will be able keep a protocol version enabled, even if we disable it by default, if they choose to use an explicit version for configuration. Works towards #1 As a nice side-effect, this change also removes the dynamoc memory allocation for the cipher suite preferences and wire formats. If we disallow changing these, then it's safe to use the versions that are on the stack.
Certain Java TLS clients have an implementation bug that causes poor performance with GCM based cipher suites[1]. In lieu of disabling GCM completely for these clients, let's add a new preference list with a CBC cipher aws#1(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA). The hope here is that most Java clients support that cipher and thus won't negotiate GCM. The downside is clients with reasonable GCM implementations will negotiate the CBC cipher and see lower performance. We should not make this the default preference list for s2n. Users of s2n should consider this preference list after determining that GCM is causing performance impact for clients. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1135504
Certain Java TLS clients have an implementation bug that causes poor performance with GCM based cipher suites[1]. In lieu of disabling GCM completely for these clients, let's add a new preference list with a CBC cipher aws#1(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA). The hope here is that most Java clients support that cipher and thus won't negotiate GCM. The downside is clients with reasonable GCM implementations will negotiate the CBC cipher and see lower performance. We should not make this the default preference list for s2n. Users of s2n should consider this preference list after determining that GCM is causing performance impact for clients. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1135504
Certain Java TLS clients have an implementation bug that causes poor performance with GCM based cipher suites[1]. In lieu of disabling GCM completely for these clients, let's add a new preference list with a CBC cipher aws#1(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA). The hope here is that most Java clients support that cipher and thus won't negotiate GCM. The downside is clients with reasonable GCM implementations will negotiate the CBC cipher and see lower performance. We should not make this the default preference list for s2n. Users of s2n should consider this preference list after determining that GCM is causing performance impact for clients. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1135504
At present s2n has a single fixed ordering for cipher suites. These defaults should suit most users, but some flexibility is probably necessary.
Tentative proposal for an API:
The text was updated successfully, but these errors were encountered: