- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Sat, 30 Apr 2016 00:17:22 +1200
- To: ietf-http-wg@w3.org
On 29/04/2016 10:33 p.m., Philipp Junghannß wrote: > I have read the forbidden ciphers for HTTP2 (appendix A) which is quite a > long list and I think it might be intresting to see what ciphers actually > ARE allowed, also because whitelisting a small number of ciphers might be > more efficient than blacklisting everything that's listed there (especially > concidering the different naming conventions among servers. > The result of that test depends on your library and its age. IIRC you will find that AEAD, EC, DH or AES GCM based ciphers are almost the only allowed ones. Those are all fairly recent developments and not available on OS more than a few years old. (One would expect that any OS getting updated to software doing h2 is also capable of getting security library updates. But weirder things have happened in HTTP.) The blacklist set is fixed, whereas the whitelist is variable and must also cope with a group of not-yet-invented ciphers. Figuring out that variable part on the go can be a lot less efficient than using a static blacklist and leaving the details to the library. It is up to you how to implement of course. Just saying blacklist is actually the easy way. You can also shortcut the list somewhat - notice that CBC, RC4, etc. are common occurance on the forbidden so just making your software avoid old cruft will get you a long way towards compliance and will help with general HTTPS security as well. Amos
Received on Friday, 29 April 2016 12:18:38 UTC