How to configure Dovecot to disable NIST's curves and still rertain EECDH?
    Kurt Fitzner 
    kurt+dove at va1der.ca
       
    Wed Dec 19 05:39:55 EET 2018
    
    
  
I am interested in configuring Dovecot's TLS so as to retain forward
secrecy, but eliminate all of NIST's elliptic curves. 
Besides being subject to side channel attacks [1], in some quarters
there is a general distrust of NIST's curves and any of their other
cryptographic primitives after the Dual EC DRBG debacle. 
>From what I can tell, the following will prevent the use of NIST's
curves (along with other dangerous primitives) in Dovecot, but this is
accomplished by simply disabling EECDH entirely.
ssl_cipher_list = HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH
This should still retain forward secrecy through the use of EDH, but
this doesn't leave much in the way of allowable algorithms on my server:
$ openssl ciphers -V
'HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH'
  0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA 
Enc=AESGCM(256) Mac=AEAD
  0x00,0x6B - DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA 
Enc=AES(256)  Mac=SHA256
  0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA 
Enc=AESGCM(256) Mac=AEAD
  0x00,0x3D - AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA 
Enc=AES(256)  Mac=SHA256
  0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA 
Enc=AESGCM(128) Mac=AEAD
  0x00,0x67 - DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA 
Enc=AES(128)  Mac=SHA256
  0x00,0x9C - AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA 
Enc=AESGCM(128) Mac=AEAD
  0x00,0x3C - AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA 
Enc=AES(128)  Mac=SHA256
Is there a better way to do this? Is there a way to disable only the
suspect NIST curves and still retain EECDH but with side-channel safe
curves like X25519? 
Thanks, 
       Kurt Fitzner 
  
Links:
------
[1] https://blog.cr.yp.to/20140323-ecdsa.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181218/59c56547/attachment.html>
    
    
More information about the dovecot
mailing list