logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: ECDSA question
Author
mrdj1024



Joined: 03 Apr 2023
Posts: 52
Location: Bridgeton,NJ,USA

PostPosted: Sat 26 Oct '24 23:25    Post subject: ECDSA question Reply with quote

hello!
so i came across this "ECDSA does not encrypt or prevent someone from seeing or accessing your data, what it protects against though is making sure that the data was not tampered with"
so does this mean if we use ssl for a webserver our only option is RSA? because i always liked ecdsa because of the shorter keysizes and faster ssl handshakes,but if its not encrypting the data from packet sniffers its basically useless,so should we switch to rsa 3072 bit to get the equivalent of a p-256 key?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7370
Location: Germany, Next to Hamburg

PostPosted: Thu 07 Nov '24 12:29    Post subject: Reply with quote

ECDSA is secure with the correct options. I wrote an article on which ciphers to choose from and why[1] and there is an example configuration how to get an A+ at SSL test labs.[2]

Your p-256 key is too weak. You need at least 384 plus a 521 one.


[1] https://mariobrandt.de/archives/apache/choosing-the-right-cipher-alias-crypto-wars-part-twelve-1475/
[2] https://github.com/JBlond/debian_build_apache24/blob/master/ssl.conf
Back to top
mrdj1024



Joined: 03 Apr 2023
Posts: 52
Location: Bridgeton,NJ,USA

PostPosted: Thu 07 Nov '24 14:26    Post subject: Reply with quote

thankyou very much for the detailed info! i made a new 384 key and added your conf options and got an a+ on ssllabs
does this look right?

Code:
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate,
#   and that httpd will negotiate as the client of a proxied server.
#   See the OpenSSL documentation for a complete list of ciphers, and
#   ensure these follow appropriate best practices for this deployment.
#   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
#   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
#SSLProxyCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

https://ibb.co/GdnHtDv
im on windows
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7370
Location: Germany, Next to Hamburg

PostPosted: Fri 08 Nov '24 11:04    Post subject: Reply with quote

Your configuration looks good.
Back to top
mrdj1024



Joined: 03 Apr 2023
Posts: 52
Location: Bridgeton,NJ,USA

PostPosted: Tue 12 Nov '24 5:14    Post subject: Reply with quote

according to mozilla these suites are also secure
Code:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305

can these still give a a+ rating? and if so,which order should they be in to ensure best speed?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7370
Location: Germany, Next to Hamburg

PostPosted: Tue 12 Nov '24 10:13    Post subject: Reply with quote

DHE-RSA-AES256-GCM-SHA384, DHE-RSA-CHACHA20-POLY1305, and DHE-RSA-AES128-GCM-SHA256 have no EC (elliptic curves) and are no longer considered secure.

ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-RSA-AES128-GCM-SHA256 are still on "the good list"[1] of SSL test labs but have only 128 bits.

[1] https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
Back to top
mrdj1024



Joined: 03 Apr 2023
Posts: 52
Location: Bridgeton,NJ,USA

PostPosted: Tue 12 Nov '24 14:50    Post subject: Reply with quote

thankyou,so i updated my ssl conf to
Code:
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256

is this order correct,as i sometimes use rsa keys that are 3072 bit?
Back to top
DnvrSysEngr



Joined: 15 Apr 2012
Posts: 225
Location: Denver, CO USA

PostPosted: Wed 13 Nov '24 2:04    Post subject: Reply with quote

Looks same as mine, except i have CHACHA listed in 2nd place

SSLCipherSuite SSL --- ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256

SSLCipherSuite TLSv1.3 --- TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
Back to top
mrdj1024



Joined: 03 Apr 2023
Posts: 52
Location: Bridgeton,NJ,USA

PostPosted: Wed 13 Nov '24 2:37    Post subject: Reply with quote

thanks for the reply!
i'd appreciate it if someone could make me a list in the correct order so i can use both 384 ecdsa and 3072 bit rsa certs on the same server.
i dont need an a+ rating by any means but it would be nice to be able to use both types of encryption with both security and speed in mind.
Back to top


Reply to topic   Topic: ECDSA question View previous topic :: View next topic
Post new topic   Forum Index -> Apache