Obviously, the DH Ephemeral ciphersuites consist of a (sometimes
fast) DH step PLUS an RSA or ECDSA step to confirm the identity of
the server, while the slightly less secure RSA suites only do the
RSA step. DH+ECDSA requires an ECDSA certificate, which won't
work for clients that require RSA suites.
On 26/09/2017 18:58, Benjamin Kaduk via openssl-users wrote:
I am curious about this statement that "(EC)DHE cost much more
resources than RSA". In particular, ECDHE is supposed to be less
computation-intensive than RSA for a given security level, so it would
be interesting to hear what your setup is where the reverse is
supposed to be observed.
-Ben
On 09/26/2017 03:44 AM, 李明 wrote:
just find it,
server respect client's cipher preference by default,
it selects the suite preferred by client among the cipherlist that
both the client and server support.
so it's not enough to just increase RSA cipher priority on server
side ,
SSL_OP_CIPHER_SERVER_PREFERENCE will make the server select the suite
that itself most prefer among the cipherlist that both the client and
server support.
在 2017-09-26 15:15:10,"李明" <mid_li@xxxxxxx> 写道:
Hello,
Currently, openssl prefer (EC)DHE handshakes over plain RSA,
but (EC)DHE cost much more resouces than RSA.
In order to get higher performance , I want to prioritize
RSA related ciphers, does anyone knows how to do it.
I have tried cipherlist "RSA:ALL:!COMPLEMENTOFDEFAULT:!eNULL"
, it looks fine in openssl command line
./openssl ciphers -v 'RSA:ALL:!COMPLEMENTOFDEFAULT:!eNULL'
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA
Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA
Enc=AESGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256)
Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128)
Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256)
Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128)
Mac=SHA1
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA
Enc=AESGCM(256) Mac=AEAD
but, after SSL_CTX_set_cipher_list(ctx,
"RSA:ALL:!COMPLEMENTOFDEFAULT:!eNULL") in my application, it
didn't work, the first choice is still ECDHE-RSA-AES256-GCM-SHA384
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
