AnsweredAssumed Answered

Why is DHE penalized in handshake score

Question asked by jduncanator on Feb 13, 2014
Latest reply on Feb 14, 2014 by Ivan Ristić

Whilst experimenting with getting as good a score as possible whilst maintaining as much backwards compatibility and security we have been battling over mainting both full forward security in clients that support it whilst also keeping our 100 score in handshake.

 

The issue seems to be that certain clients (for example OpenSSL 0.9.8y) only support forward secrecy with older ciphers that use Diffie-Hellman exchange. As soon as we add in, for example, TLS_DHE_RSA_WITH_AES_256_CBC_SHA as a cipher suite the handshake score drops to 90. Why is DHE penalized in the handshake score and what is the best alternative? I initially thought it was the fact that DSS authentication was now enabled but explicitly excluding DSS didn't help.

 

I have to say lovely test suite, but it would be nice maybe to develop some really simple links to pages that describe the technique to improve a certain aspect of the score. For example, we battled over making sure RC4 was only used in TLS1.0 and earlier because whilst your "Learn More" link described what we needed to do, it didn't tell us how to do it. Eventually we prioritized some other TLS1.1/2 ciphers and all was good, but maybe some example web configs or describing the solution could be added?

 

Thanks for your time!

Outcomes