AnsweredAssumed Answered

Testing for true Forward Secrecy

Question asked by BoerenkoolMetWorst on Feb 15, 2014
Latest reply on Feb 26, 2014 by BoerenkoolMetWorst

(EC)DHE cipher suites do not guarantee Forward Secrecy. It depends how the server is configured, is there any way SSLtest can detect this?
Quote:

"So, to be clear about ECDHE and DHE, the server *CAN* provide perfect

forward secrecy, but it doesn't have to. The "ephemeral key" could

simple be another permanent key (or one of several thousands). It's

important to note that a properly implemented DHE/ECDHE is 3 times

slower than DH or ECDH (The latter does a signature, key gen, and key

derive (each doing one group operation), the former simply does a

derive). This cost is born by the server."

 


Also it can be killed by Session Tickets:
https://www.imperialviolet.org/2013/06/27/botchingpfs.html

Is there a way to test for proper Session Tickets implementation?

 

Btw, I saw that if your browser does not support Session Tickets, the SSL Client test will show a yellow No. I thought that Session Tickets are mainly for decreasing resource usage on servers, or does it also bring security?

Outcomes