Rob_T

RFC 7525 "Recommendations for Secure Use of Transport Layer Security (TLS)"

Discussion created by Rob_T on May 8, 2015
Latest reply on May 12, 2015 by tlussnig

Hi

 

FYR, maybe this new RFC should be added to the SSL Labs scoring considerations.

 

Here is a small summary of:

https://www.rfc-editor.org/rfc/rfc7525.txt

"Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"

 

 

 

Cipher Implementations

 

"MUST NOT":

- SSLv3
- RC4
- Ciphers with key length below 112 bits (so e.g. 56)
- Null Encrypt

 

"SHOULD NOT":

- Ciphers with key length below 128 bits (especially 3DES, because the effective length is like 112 bits, not 168 bits)
- Static RSA

 

"MUST" Support
- Forward Security

 

"SHOULD"
- minimum 2048-bit DH key exchange

 

 

BR,
Rob
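
The summary above, turned into a configuration check. This is an added example, not part of the original post and not code from RFC 7525 or SSL Labs; the `STRENGTH` table, the function names and the sample configuration are constructed for illustration, and suite names are assumed to follow the IANA `TLS_<kx>_WITH_<cipher>_<mac>` form.

```python
# Added example (not from the post, RFC 7525 text, or SSL Labs).
# Key strength in bits per bulk-cipher token of an IANA suite name;
# 3DES is rated at 112 bits, as the post notes.
STRENGTH = {"NULL": 0, "RC4_40": 40, "DES40_CBC": 40, "DES_CBC": 56,
            "3DES_EDE_CBC": 112, "RC4_128": 128, "AES_128": 128,
            "AES_256": 256, "CHACHA20_POLY1305": 256}

def audit_suite(name):
    """Return (level, reason) findings for one IANA-style suite name."""
    kx, _, cipher = name.partition("_WITH_")
    bits = next((b for c, b in STRENGTH.items() if cipher.startswith(c)), None)
    if bits is None:
        return [("REVIEW", "cipher not in rule table")]
    out = []
    if cipher.startswith("RC4"):
        out.append(("MUST NOT", "RC4"))
    if bits == 0:
        out.append(("MUST NOT", "null encryption"))
    elif bits < 112:
        out.append(("MUST NOT", "key length below 112 bits"))
    elif bits < 128:
        out.append(("SHOULD NOT", "key length below 128 bits"))
    if kx in ("TLS_RSA", "TLS_RSA_EXPORT"):
        out.append(("SHOULD NOT", "static RSA key exchange"))
    return out

def audit_config(protocols, suites, dh_bits=None):
    """Audit a whole endpoint: protocols, suites and DH group size."""
    findings = {s: f for s in suites if (f := audit_suite(s))}
    if "SSLv3" in protocols:
        findings["protocol"] = [("MUST NOT", "SSLv3 enabled")]
    if not any(s.startswith(("TLS_DHE_", "TLS_ECDHE_")) for s in suites):
        findings["forward secrecy"] = [("MUST", "no DHE/ECDHE suite offered")]
    if dh_bits is not None and dh_bits < 2048:
        findings["dh"] = [("SHOULD", "DH group below 2048 bits")]
    return findings

# Constructed sample configuration, for illustration only.
SAMPLE = dict(protocols=["SSLv3", "TLSv1.2"], dh_bits=1024, suites=[
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5"])

if __name__ == "__main__":
    for item, found in audit_config(**SAMPLE).items():
        for level, reason in found:
            print(f"{level:10} {item}: {reason}")
```
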
