Hacker News new | comments | show | ask | jobs | submit login
SSL/TLS analysis of the Internet's top 1,000,000 websites (linuxwall.info)
63 points by jvehent 1376 days ago | hide | past | web | 11 comments | favorite



> On ECDHE's side, handshakes almost always use the P-256 curve. Again, this makes sense, since Internet Explorer, Chrome and Firefox only support P256 at the moment. But according to recent research public by DJB & Lange, this might not be the safest choice.

Not only is it not safe, but it's also 3x slower than DJB's own 256-bit Curve25519:

https://www.imperialviolet.org/2010/12/21/eccspeed.html

All the browsers should hurry up and support it already. Also maybe it's time to consider using NaCl, or some other alternative to OpenSSL, which seems hopeless.


Chrome and Firefox (among many others) use NSS, which accepts patches ;)


Regarding the TLS 1.0 and 1.2 but not 1.1 sites, I think it's related to this:

Changes between 1.0.1a and 1.0.1b [26 Apr 2012]

- OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and 1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately mean any application compiled against OpenSSL 1.0.0 headers setting SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to 0x10000000L Any application which was previously compiled against OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1 will need to be recompiled as a result.


That's an interesting piece of information! Thank you for sharing it.


I would like for someone with knowledge to create an example apache config and keep it up to date.

One would think that someone from the apache project might be well suited for it.



https://www.ssllabs.com/ssltest/

Makes it incredibly simple to get a good idea of how secure your config is and where compatibility problems might arise.


I have been doing a lot of SSL/TLS research the last few days and found the following to be great resources from Qualys too:

- https://community.qualys.com/blogs/securitylabs/2013/08/05/c...

- https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Pr...


This repo is a collection of sensible SSL/TLS options for a variety of web servers, including Apache.

https://github.com/ioerror/duraconf


For TLS? I can think of at least two sites that have been posted on HN recently that do just that.


It seems to me that browsers ought to pop up a security warning for any site that tries to use an insecure cipher like RC4 or 3DES so the user is at least aware. I say that simply because it's possible that even if a site supports something more secure, what's to stop a MITM from reporting differently during the protocol negotiation?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: