As far as I know, it is currently only possible to use the default P-256 curve in Caddy for the DHE handshake. To get 100% key exchange at ssllabs.com one has to use at least secp384r1.
cipherli.st also recommends secp384r1 for nginx.
I'm not suggesting to set this as new default but to have the option to change the curve. If curve25519 gets integrated (#1116) this option is also needed.
Hello @mkoppmann and @mholt,
https://golang.org/src/crypto/tls/common.go?h=defaultCurvePreferences#L542
var defaultCurvePreferences = []CurveID{CurveP256, CurveP384, CurveP521}
Golang prefers P-256 over P-384
I already implemented this feature here: https://github.com/mholt/caddy/tree/CurvePreferences
Hi @elcore,
thanks for posting that info. It's probably because p256 has an assembly implementation and therefore is way faster (source).
Great that you already implemented this feature. Is there any chance to get this merged or can I help somehow with testing?
Hi @mkoppmann,
> Is there any chance to get this merged
Well, I need to rewrite the code (move from 0.8.X to 0.9.X)! I could send you a modified version (for your own use) (I do not have much time until the weekend -- school etc.)
For me personally, setting the curve to P384 is really just to get the higher ranking at ssllabs, so it's definitely not high priority and I think with the current implementation in Go (and I believe OpenSSL) that P256 is more error resistant than P384.
My curve preferences are: Curve25519 > P256 > P384.
Hi @mkoppmann,
We should wait until Golang implements Curve25519 into the standard library (TLS -- CurveID).
Hi @elcore,
Yes, that would be the right thing to do.
As I'm trying to get into GitHub and the whole open development process, what's the right way to handle this situation, as #1116 and this issue are related? Just keeping them open or is there some "On hold" status?
Hi @mkoppmann,
> Just keeping them open or is there some "On hold" status?
As far as I know, there is no "On hold" status -- @mholt needs to decide what we should do.
P.S.: Welcome to GitHub
Maybe it should be configurable just like TLS version preference is?
I've got custom caddy built with some changes deployed on my landing page (including curve preferences). Here is ssllabs score for it: https://www.ssllabs.com/ssltest/analyze.html?d=serafin.tech
OT: The clients who can still connect to your site do all support the forward secrecy capable ciphers, so you should disable TLS_RSA_WITH_AES_256_CBC_SHA and TLS_RSA_WITH_AES_128_CBC_SHA.
Hello @wendigo,
it is
Caddyfile:
    domain.com {
        tls {
            curves ab123, cd456, ef789
        }
    }
Hello @mkoppmann, @wendigo,
I implemented the feature request
https://github.com/mholt/caddy/tree/CurvePreferences-0.9.X
You can test it now -- I appreciate any feedback
Supported Curves:
p384
p521
@elcore Make a pull request ;)
@mkoppmann Sorry to have been silent on this for a while, been a bit busy. I think we can go forward with this issue without having to wait on #1116.
@elcore, @mholt, wow that's fantastic :smile:
Caddy is getting better every day :+1:
@elcore Nice :)