PFS key size in PFS summary

[oparoz]

This is what I'm getting with cipherscan when using OpenSSL 1.0.2

prio  ciphersuite                  protocols  pfs_keysize
1     DHE-RSA-AES256-GCM-SHA384    TLSv1.2    DH,4096bits
2     DHE-RSA-AES256-SHA256        TLSv1.2    DH,4096bits
3     DHE-RSA-AES128-GCM-SHA256    TLSv1.2    DH,4096bits
4     DHE-RSA-AES128-SHA256        TLSv1.2    DH,4096bits
5     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-384,384bits
6     ECDHE-RSA-AES256-SHA384      TLSv1.2    ECDH,P-384,384bits
7     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-384,384bits
8     ECDHE-RSA-AES128-SHA256      TLSv1.2    ECDH,P-384,384bits

Even though that version of OpenSSL isn't out yet, I think it would be useful to get ready and offer that kind of information as soon as it's out.

[drwetter]

It's certainly a nice to have. There are other things more important for now. (BTW: It has nothing to do with the openssl version and if you follow the instruction @ https://github.com/drwetter/testssl.sh/tree/master/openssl-bins/openssl-1.0.2-chacha.pm/ you will have openssl 1.0.2++ ;-)

[oparoz]

Well, it's just much easier to extract with 1.0.2 as it's in a field ready to be parsed without having to analyse a hex output :).

And I find the info very useful as there is no point having a 4096bit cert if Apache is exchanging keys with DH1024, but there is no rush.

[drwetter]

The point is that one can't force users to use a specific OpenSSL version. Compatibility is more important to me. The biggest pain is Mac OsX. Latest version still has 0.98z (?).

From the crypto perspective personally I 'd rather prefer DH w/ 1024 bits as encryption with EC algorithm. But that's more a gut instinct. Still I agree, an indicator would be a nice to have.

[drwetter]

Oh, I missed tto comment on that.

@oparoz maybe you were ahead on time ;-) That was implemented in060178071dbb30d0b9235989387af29ff04f4e43 because of Logjam, see #105, #106, #107 .

[oparoz]

👍