Kyh's blog

Kyh's random blog of stuff

Secure TLS Cipher-algos for Your Webserver.

Perfect Forward Secrecy. Attacks to keep in mind: BEAST (CBC; fixed in TLS 1.1/1.2), CRIME (TLS compression; needs a MITM plus injecting JavaScript via HTTP etc.), BREACH (needs HTTP compression, user input reflected in HTTP response bodies, and a CSRF token in the HTTP response headers), RC4 biases, the truncation attack (injecting unencrypted TCP FINs), Lucky13 (CBC padding timing oracle against the MAC), version rollbacks to insecure ciphers plus False Start, and the renegotiation attack. Hhrgrgh, Firefox doesn't support TLS 1.1/1.2, so if you drop RC4 you're vulnerable to BEAST (if unpatched). CHOOSE.

TLS MACs first and then encrypts (MAC-then-encrypt). Because CBC pads the plaintext out to whole blocks, you can fiddle with the ciphertext and watch how the receiver reacts; that is the padding oracle Lucky13 exploits.
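As an added example (my own code, not from this post or any TLS library), here is a small checker that walks an OpenSSL-style cipher list, the kind you would put in a webserver's `ssl_ciphers` line, and flags the concerns above: no forward secrecy, RC4, and CBC mac-then-encrypt suites (BEAST on TLS 1.0, Lucky13), plus null, export and anonymous suites. It assumes explicit OpenSSL suite names only (no `HIGH`/`!RC4`-style keywords), and the sample list at the bottom is constructed.

```python
# Added example: a cipher-list checker for the concerns discussed above.
# Assumes OpenSSL-style suite names (ECDHE-RSA-AES128-GCM-SHA256, TLS_AES_256_GCM_SHA384, ...),
# not OpenSSL keywords such as HIGH or !RC4.

EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "ADH-", "AECDH-")
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
BLOCK_CIPHERS = ("AES", "CAMELLIA", "SEED", "DES")   # all run in CBC mode when not AEAD


def classify_suite(name):
    """Return the list of concerns for one suite name ([] means acceptable)."""
    n = name.strip().upper()
    if n.startswith("TLS_"):
        # OpenSSL's TLS 1.3 names: key exchange is always ephemeral and the cipher always AEAD
        return []
    concerns = []
    if "NULL" in n:
        concerns.append("null-encryption")
    if n.startswith("EXP"):
        concerns.append("export-grade")
    if n.startswith(("ADH-", "AECDH-")):
        concerns.append("anonymous-kex")          # no server authentication at all
    if not n.startswith(EPHEMERAL_PREFIXES):
        concerns.append("no-pfs")                 # static RSA/DH: a leaked key decrypts old captures
    if "RC4" in n:
        concerns.append("rc4-biases")
    is_aead = any(m in n for m in AEAD_MARKERS)
    if not is_aead and any(b in n for b in BLOCK_CIPHERS):
        concerns.append("cbc-mac-then-encrypt")   # BEAST on TLS 1.0, Lucky13 timing oracle
    if n.endswith("-MD5"):
        concerns.append("md5-mac")
    return concerns


def audit_cipher_list(cipher_string):
    """Map each suite in a colon-separated OpenSSL cipher string to its concerns."""
    return {s: classify_suite(s) for s in cipher_string.split(":") if s}


def harden_cipher_list(cipher_string):
    """Drop every flagged suite, keeping the operator's original order for the rest."""
    return ":".join(s for s, c in audit_cipher_list(cipher_string).items() if not c)


if __name__ == "__main__":
    # Constructed example of a permissive list an older webserver config might still carry
    sample = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:"
              "AES128-SHA:RC4-SHA:DES-CBC3-SHA")
    for suite, concerns in audit_cipher_list(sample).items():
        print(f"{suite:32} {', '.join(concerns) or 'ok'}")
    print("hardened:", harden_cipher_list(sample))
```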

Benchmark DHE vs ECDHE.