On Fri, May 18, 2007 at 15:15:07 -0600, Kyle Wheeler wrote:
...
> The problem with permanent SSL certificates (as I understand it, and I'm no
> guru on SSL) is that given enough connections, which are all very regular
> (for example, you know that the greeting is the same each time, and you know
> the general structure of an SMTP conversation) you can begin to figure out
> what the certificate is. The way to solve this problem is to add a little
RFC4492 defines Elliptic Curve Cryptography (ECC) Cipher Suites for TLS.
If you use ECDHE-ECDSA or ECDHE-RSA key exchange mechanisms,
you get forward secrecy. It means that session keys are not compromised
if the static, certified keys belonging to the server and client are
compromised.
Latest openssl (cvs) supports ECDHE-ECDSA and ECDHE-RSA.
Also my patches to qmail and sslserver support them.
http://qmail.safari.iki.fi/dl/ucspi-ssl-ucspitls-latest-safari.diff
$ openssl s_client -connect 127.0.0.1:25 -starttls smtp -crlf -cipher ECDHE-ECDSA-AES256-SHA
...
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA
Server public key is 281 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-ECDSA-AES256-SHA
Session-ID: 327DDC0066BEAC18704A05D533225BDEAFFD571B16F3581BB2BB300510A09D89
Session-ID-ctx:
Master-Key: 68E9C949CED5E66C4D6DABF467524DBE93D05C161A57746C07872F5D74A88A4860CC4560DC703C720061AD851B3FDB64
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1179525162
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
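The s_client transcript above shows what to look for: the negotiated suite on the "New, ..., Cipher is ..." line starts with ECDHE, so the session keys came from an ephemeral exchange and cannot be recovered later from the server's long-term key. Note also "Verify return code: 18 (self signed certificate)": forward secrecy says nothing about who you negotiated with, and an unverified peer could be an active attacker rather than the intended server. The script below is an added example, not code from the post or from the qmail/sslserver patches it links; it reads an s_client transcript on stdin, classifies the key exchange as ephemeral or static, and pulls out the verify code. The function names, the constructed sample transcripts (the first is modelled on the output in the post) and the rule that TLSv1.3 is always ephemeral (a generalization beyond the TLSv1-era output shown) are mine; the live probe uses the OpenSSL cipher-string aliases "ECDHE" and "DHE".

```shell
#!/bin/sh
# pfs_check.sh: decide from an `openssl s_client` transcript whether the
# negotiated cipher suite gives forward secrecy, and whether the peer was
# actually verified. Added example; not part of the original post.

# Constructed sample transcripts (only the lines the checks look at).
SAMPLE_ECDHE='New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA
Server public key is 281 bit
Verify return code: 18 (self signed certificate)'

SAMPLE_STATIC='New, TLSv1/SSLv3, Cipher is AES256-SHA
Verify return code: 0 (ok)'

SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)'

SAMPLE_NONE='New, (NONE), Cipher is (NONE)'

# Echo the negotiated cipher name from the "New," line (empty if absent).
negotiated_cipher() {
  sed -n 's/^New, .*Cipher is //p' | head -n 1
}

# Echo the protocol field of the "New," line, e.g. "TLSv1/SSLv3" or "TLSv1.3".
negotiated_protocol() {
  sed -n 's/^New, \([^,]*\), Cipher is .*/\1/p' | head -n 1
}

# Echo the numeric "Verify return code" (0 means the chain verified; empty if absent).
verify_code() {
  sed -n 's/^Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# classify_cipher PROTOCOL CIPHER -> prints pfs | static | none; exit 0 only for pfs.
# TLS 1.3 always uses ephemeral (EC)DHE, so its suite names carry no kex prefix;
# for earlier versions the OpenSSL suite name starts with ECDHE-, DHE- or EDH-
# when the key exchange is ephemeral, and with the cipher (e.g. AES256-SHA)
# when the session key is encrypted to the server's static RSA key.
classify_cipher() {
  proto=$1
  cipher=$2
  case "$cipher" in
    ''|'(NONE)') echo none; return 1 ;;
  esac
  case "$proto" in
    TLSv1.3) echo pfs; return 0 ;;
  esac
  case "$cipher" in
    ECDHE-*|DHE-*|EDH-*) echo pfs; return 0 ;;
    *) echo static; return 1 ;;
  esac
}

# pfs_status: transcript on stdin -> pfs | static | none.
pfs_status() {
  transcript=$(cat)
  proto=$(printf '%s\n' "$transcript" | negotiated_protocol)
  cipher=$(printf '%s\n' "$transcript" | negotiated_cipher)
  classify_cipher "$proto" "$cipher"
}

# probe_smtp HOST:PORT: live check of an SMTP server over STARTTLS, offering
# only ephemeral suites so a server without them fails the handshake outright.
# Needs network access; the samples above are used instead when run offline.
probe_smtp() {
  openssl s_client -connect "$1" -starttls smtp -crlf -cipher 'ECDHE:DHE' \
    </dev/null 2>/dev/null | pfs_status
}

# Demo on the constructed samples.
for name in SAMPLE_ECDHE SAMPLE_STATIC SAMPLE_TLS13 SAMPLE_NONE; do
  eval "sample=\$$name"
  status=$(printf '%s\n' "$sample" | pfs_status)
  verify=$(printf '%s\n' "$sample" | verify_code)
  printf '%s: key exchange %s, verify code %s\n' "$name" "$status" "${verify:-n/a}"
done
```

Treat "pfs" with a non-zero verify code as only half a result: the session is safe against later key compromise, but the certificate was not checked against a trust anchor, which is exactly the situation the "Verify return code: 18" line in the post reports.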