Timeline for ecdh-curve and tls cipher do not work together
Current License: CC BY-SA 4.0
6 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 26, 2021 at 2:22 | answer | added | Thilo | timeline score: 2 | |
| Apr 6, 2020 at 16:20 | comment | added | Z.T. | The best recommendation is ECDHE with X25519, RSA (2048 is big enough), AES GCM (128 is enough). Use chacha20poly1305 on mobile devices without hardware AES. | |
| Apr 6, 2020 at 16:16 | comment | added | meltinsands | Ok, so I assumed the ecdh-curve and the cipher have to match, but did not find any information so far. Could you please give me a concrete example of a very secure curve and cipher, which would work? | |
| Apr 6, 2020 at 14:42 | comment | added | Z.T. | You want ECDHE, not DHE, and you want Curve25519 / X25519, not brainpool. The cipher suite name part that is RSA or ECDSA must match the type of key in the certificate you're using. You want GCM and you don't want CBC. Also, do you need to specify the cipher list using openssl names or RFC names? See openssl.org/docs/man1.1.1/man1/ciphers.html | |
| Apr 6, 2020 at 13:50 | review | First posts | |||
| Apr 6, 2020 at 18:21 | |||||
| Apr 6, 2020 at 13:46 | history | asked | meltinsands | CC BY-SA 4.0 |