The Mozilla defaults are geared towards achieving perfect forward security
where possible ...
The RFC, at a minimum, seems a positive change.
Great! This is the goal.
The settings proposed in the RFC are geared towards disallowing anything
that's unabashedly insecure while still maintaining the broadest possible
support by default (to minimize BC implications). I realize that Padraic
isn't suggesting this but I want to state for the record that I don't
believe it makes sense at this time to try to enforce perfect forward
security as a language-level default. However, it is important to move
away from the existing naive default and that's what the RFC proposes.
The nice thing here is that the default cipher setting is exceedingly
simple to modify in response to future threats or attack vectors; all we'd
need to do to respond to new information going forward is to modify a
single string.
Hey Daniel,
The Mozilla defaults are geared towards achieving perfect forward security
where possible ...
The RFC, at a minimum, seems a positive change.
Great! This is the goal.
I think it's a great goal so we'll see how the RFC goes :P.
The settings proposed in the RFC are geared towards disallowing anything
that's unabashedly insecure while still maintaining the broadest possible
support by default (to minimize BC implications). I realize that Padraic
isn't suggesting this but I want to state for the record that I don't
believe it makes sense at this time to try to enforce perfect forward
security as a language-level default. However, it is important to move
away from the existing naive default and that's what the RFC proposes.
You're correct, I'm not suggesting PFS right now but I just wanted to add
context as to where the browser community is headed. While I joked a bit
about Internet Explorer/Safari, Microsoft has been pushing the IETF pretty
hard over it too. Eventually server->server will be the weakest link in the
chain if it doesn't also adopt PFS so let's not dismiss it for the next
decade either ;).
The IETF also has a TLS group setup whose charter is basically to propose
standards on using TLS:
https://datatracker.ietf.org/doc/charter-ietf-uta/. They are a long
way from publishing anything, but their recommendations may
bear on future TLS changes in PHP.
Paddy
--
Pádraic Brady
http://blog.astrumfutura.com
http://www.survivethedeepend.com
Zend Framework Community Review Team
Zend Framework PHP-FIG Representative
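Two points in the thread lend themselves to a concrete illustration: Daniel's remark that the default cipher setting is a single string that user code can override, and Padraic's point that server-to-server connections should eventually negotiate forward-secret (ECDHE/DHE) suites. The block below is an added example, not code from the RFC or from either message. It assumes PHP >= 5.6 with the OpenSSL extension (where the `ciphers`, `verify_peer_name` and `peer_name` stream context options exist), assumes that `stream_get_meta_data()` exposes a `crypto` entry with a `cipher_name` key for encrypted streams, and uses `example.com` and an illustrative cipher string as placeholders rather than the RFC's actual default.

```php
<?php
// Added example (not from the RFC or the thread): override the language-level
// default cipher list for one connection through the 'ssl' stream context,
// then check whether the negotiated suite uses ephemeral key exchange.
// Assumptions: PHP >= 5.6 with OpenSSL; stream_get_meta_data() returns a
// 'crypto' entry carrying 'cipher_name' and 'protocol' for TLS streams.

// Illustrative OpenSSL cipher string (an assumption, not the RFC default):
// prefer ECDHE/DHE suites with AEAD first, and reject anonymous, NULL,
// export, single-DES, RC4 and MD5-based suites outright.
$pfsCiphers = 'ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES:DHE+AES'
            . ':!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5';

/**
 * Open a verified TLS client connection with an explicit cipher list.
 * Peer certificate and host name verification are switched on explicitly
 * so the call does not depend on whatever the installed default is.
 */
function open_tls_connection($host, $port, $ciphers, $timeout = 10)
{
    $ctx = stream_context_create(array(
        'ssl' => array(
            'verify_peer'       => true,   // validate the certificate chain
            'verify_peer_name'  => true,   // and match the host name in it
            'peer_name'         => $host,
            'SNI_enabled'       => true,
            'ciphers'           => $ciphers,
            'capture_peer_cert' => true,
        ),
    ));

    $errno  = 0;
    $errstr = '';
    $sock = stream_socket_client(
        "tls://{$host}:{$port}", $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx
    );
    if ($sock === false) {
        throw new RuntimeException("TLS connect to {$host} failed: [{$errno}] {$errstr}");
    }
    return $sock;
}

/**
 * True when the negotiated cipher name indicates an ephemeral key exchange.
 * OpenSSL names TLS <= 1.2 forward-secret suites with an ECDHE- or DHE-
 * prefix; every TLS 1.3 suite (TLS_ prefix) is ephemeral by construction.
 */
function cipher_has_pfs($cipherName)
{
    return (bool) preg_match('/^(ECDHE-|DHE-|TLS_)/', $cipherName);
}

/**
 * Report the negotiated protocol and suite for an open TLS stream.
 * Returns array('protocol' => ..., 'cipher' => ..., 'pfs' => bool).
 */
function describe_tls_session($sock)
{
    $meta = stream_get_meta_data($sock);
    if (empty($meta['crypto']['cipher_name'])) {
        throw new RuntimeException('no crypto metadata on stream (assumed PHP >= 5.6)');
    }
    $cipher = $meta['crypto']['cipher_name'];
    return array(
        'protocol' => isset($meta['crypto']['protocol']) ? $meta['crypto']['protocol'] : 'unknown',
        'cipher'   => $cipher,
        'pfs'      => cipher_has_pfs($cipher),
    );
}

// Usage: connect with the PFS-preferring list and inspect what was agreed.
$sock = open_tls_connection('example.com', 443, $pfsCiphers);
$info = describe_tls_session($sock);
fclose($sock);

printf("protocol=%s cipher=%s forward_secrecy=%s\n",
    $info['protocol'], $info['cipher'], $info['pfs'] ? 'yes' : 'no');
```

Because the cipher preference lives in one string, the same code can be tightened later (for example by dropping the non-AEAD `ECDHE+AES:DHE+AES` groups) without touching the connection logic; the `pfs` flag makes it easy to log or alert when a peer silently negotiates a non-ephemeral suite.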