W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: h2 ciphers

From: Julien Vehent <julien@linuxwall.info>
Date: Fri, 16 Oct 2015 09:23:57 -0400
To: ietf-http-wg@w3.org
Message-ID: <081f0c00b022ce8c29f37d1c349c7706@webmail.linuxwall.info>
On 2015-10-16 09:08, Amos Jeffries wrote:
> HTTP/2 was designed to be implemented from a clean-slate situation.
> Everybody is building new code based on the same spec, so there is no
> legacy behaviours to be tolerant about.

(I'm the author of the Mozilla guidelines).

This is correct: the recommendation is for HTTP/1.1 where a significant 
amount of backward compatibility is required. The modern guidelines 
guarantee strong crypto on somewhat recent clients, but we can certainly 
do better for http/2.

We'll probably revise the guidelines in the coming months. In the 
meantime, on a h2 endpoint, I would recommend limiting it to these 
ciphers:

$ openssl ciphers -V 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384'
0xC0,0x2F  -  ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=ECDH  Au=RSA    
Enc=AESGCM(128)  Mac=AEAD
0xC0,0x2B  -  ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2  Kx=ECDH  Au=ECDSA  
Enc=AESGCM(128)  Mac=AEAD
0xC0,0x30  -  ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=ECDH  Au=RSA    
Enc=AESGCM(256)  Mac=AEAD
0xC0,0x2C  -  ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=ECDSA  
Enc=AESGCM(256)  Mac=AEAD

Note: we don't recommend ECDHE-RSA-CHACHA20-POLY1305 because it's not 
yet a standard and our mozilla servers don't implement it, but feel free 
to use it :)

- Julien
Received on Friday, 16 October 2015 13:24:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC