On 08/24/2013 11:38 AM, Reindl Harald wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=319901 looks like Red Hat based systems are the only remaining ones which do not support EECDHE, which is a shame these days in the context of PRISM, and more and more ciphers are going to be unusable (BEAST/CRIME weakness).
Current Fedora supports perfect forward secrecy just fine. It's just that web server operators routinely refuse to offer it. (The situation is different with mail servers.) Operational benefits look rather marginal to me. It may discourage interested parties from requesting server private keys, but even that isn't assured. It does not help against server operators who provide third parties with cleartext copies of transmissions, obviously.
Perfect forward secrecy is totally unrelated to padding oracles and compression leaks. Fedora already provides several countermeasures against those, such as TLS 1.2 support and disabling compression. These issues require active attacks and would leave traces in sufficiently detailed log files, too.
--
Florian Weimer / Red Hat Product Security Team

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
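The exchange above turns on one operational question: does a server's cipher list actually offer (and prefer) an ephemeral key exchange, or does it still lead with RSA key transport? The following is an added example, not code from either poster or from Fedora: it classifies OpenSSL-style cipher-suite names (the form mod_ssl's SSLCipherSuite takes) by key exchange, audits a server's preference order, and rebuilds the list so forward-secret suites come first. The sample cipher lists are constructed for illustration and are not taken from any real server.

```python
"""Classify TLS cipher suites by forward secrecy and repair a server's preference order.

Added example (not from the original thread). Suite names follow OpenSSL naming.
"""

# Ephemeral (EC)DH prefixes: a fresh DH key per handshake, so a later compromise of
# the server's long-term key does not let previously recorded sessions be decrypted.
EPHEMERAL_KX = ("ECDHE", "DHE", "EDH")
# Static (EC)DH: the DH key is the certificate key, so the session key is recoverable.
STATIC_DH_KX = ("ECDH", "DH")
# Anonymous (EC)DH: ephemeral but unauthenticated; treated as unacceptable here.
ANON_KX = ("ADH", "AECDH")


def key_exchange(suite: str) -> str:
    """Return the key-exchange mechanism named by an OpenSSL-style suite string.

    Suites without a key-exchange prefix (AES128-SHA, DES-CBC3-SHA, RC4-SHA) use RSA
    key transport in TLS <= 1.2. TLS 1.3 suites (TLS_AES_128_GCM_SHA256) name only the
    AEAD and hash; their key exchange is always ephemeral (EC)DHE.
    """
    if suite.startswith("TLS_"):
        return "TLS1.3-ECDHE"
    head = suite.split("-", 1)[0]
    if head in EPHEMERAL_KX or head in STATIC_DH_KX or head in ANON_KX:
        return head
    return "RSA"


def has_forward_secrecy(suite: str) -> bool:
    """True only for authenticated ephemeral key exchange (ECDHE/DHE or TLS 1.3)."""
    kx = key_exchange(suite)
    return kx == "TLS1.3-ECDHE" or kx in EPHEMERAL_KX


def audit(server_order):
    """Return (preferred_suite_has_fs, suites_without_fs) for a server cipher list
    given in the server's preference order."""
    preferred_has_fs = bool(server_order) and has_forward_secrecy(server_order[0])
    non_fs = [s for s in server_order if not has_forward_secrecy(s)]
    return preferred_has_fs, non_fs


def pfs_cipher_string(server_order, drop_static=False) -> str:
    """Rebuild an SSLCipherSuite-style string with forward-secret suites first.

    With drop_static=False the non-FS suites are kept at the tail so very old clients
    still connect; with drop_static=True only forward-secret suites remain.
    Anonymous suites are always dropped.
    """
    fs = [s for s in server_order if has_forward_secrecy(s)]
    rest = [] if drop_static else [
        s for s in server_order
        if not has_forward_secrecy(s) and key_exchange(s) not in ANON_KX
    ]
    return ":".join(fs + rest)


# Constructed example of a 2013-era list that prefers RSA key transport over ECDHE.
LEGACY_ORDER = [
    "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "RC4-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA", "ECDH-RSA-AES128-SHA",
]

if __name__ == "__main__":
    preferred_ok, weak = audit(LEGACY_ORDER)
    print("server's first choice is forward secret:", preferred_ok)
    print("suites without forward secrecy:", weak)
    print("compatible order:", pfs_cipher_string(LEGACY_ORDER))
    print("FS-only order:   ", pfs_cipher_string(LEGACY_ORDER, drop_static=True))
```

Reordering the string only helps if the server is configured to honour its own order rather than the client's (in mod_ssl that is `SSLHonorCipherOrder on`); a client that lists a static RSA suite first would otherwise still negotiate it. As Florian notes, none of this protects traffic that the operator hands over in cleartext after decryption.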