More detailed configuration options for TLS
29 November 2015, 20:45
Would it be possible to add more detailed/fine-grained configuration options for TLS? Right now, I can only choose between various TLS versions, but I cannot enable or disable specific ciphersuites, and I cannot change the order in which the server offers the ciphersuites to the client. In my specific use case, I'd like to be able to completely disable CBC ciphersuites and ciphersuites using the RSA key exchange to ensure that only suites providing perfect forward secrecy and authenticated encryption (AEAD) are offered/used.
So in essence, this would probably boil down to a possibility to use mbedtls_ssl_conf_ciphersuites() from the Hiawatha configuration file (preferably both on a "server-wide" and on a "per virtual host" basis).
29 November 2015, 22:27
The current ciphersuite selection is good. Hiawatha doesn't support insecure suites, so disabling certain suites only results in clients not being able to connect. What's the point in that?
1 December 2015, 23:27
I'd still prefer to *just* use AEAD ciphersuites because they are less likely to be vulnerable to timing attacks than CBC. Although the Lucky Thirteen attack was "only" an implementation issue, the fact that all major TLS implementations (including PolarSSL) were vulnerable to the same side-channel attack makes me wanna choose a set of cipher suites where the attack surface for such attacks is as small as possible.
1 December 2015, 23:44
You can always edit src/tls.c and change the cipher selection...
This topic has been closed.
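The selection asked for in this thread (forward-secret key exchange plus AEAD only), as an added example that is not from the thread or from Hiawatha's src/tls.c: it filters a constructed table of IANA suite names into the zero-terminated `int` list form that mbedtls_ssl_conf_ciphersuites() takes. The names `build_allowlist`, `is_pfs` and `is_aead` are hypothetical, and the block does not link mbed TLS.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample table: IANA suite names and code points, in server preference order. */
struct suite { const char *name; int id; };
static const struct suite offered[] = {
    { "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0xC02C },
    { "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",   0xC030 },
    { "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",     0x009F },
    { "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",      0xC014 }, /* PFS, but CBC */
    { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",        0x0033 }, /* PFS, but CBC */
    { "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",    0xC031 }, /* AEAD, but static ECDH */
    { "TLS_RSA_WITH_AES_256_GCM_SHA384",         0x009D }, /* AEAD, but RSA key exchange */
    { "TLS_RSA_WITH_AES_128_CBC_SHA",            0x002F }, /* neither */
};
#define N_OFFERED (sizeof offered / sizeof offered[0])

/* Ephemeral (EC)DHE key exchange gives forward secrecy; static ECDH/RSA do not. */
static int is_pfs(const char *name)
{
    return !strncmp(name, "TLS_ECDHE_", 10) || !strncmp(name, "TLS_DHE_", 8);
}

/* AEAD modes: GCM, CCM, ChaCha20-Poly1305. Only the part after "_WITH_" is checked. */
static int is_aead(const char *name)
{
    const char *cipher = strstr(name, "_WITH_");
    if (cipher == NULL) return 0;
    return strstr(cipher, "_GCM") || strstr(cipher, "_CCM") ||
           strstr(cipher, "_CHACHA20_POLY1305");
}

/* Writes kept ids in input order plus a terminating 0 (out needs n + 1 slots); returns count. */
int build_allowlist(const struct suite *in, size_t n, int *out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (is_pfs(in[i].name) && is_aead(in[i].name))
            out[kept++] = in[i].id;
    out[kept] = 0;
    return (int)kept;
}

int main(void)
{
    int list[N_OFFERED + 1];
    int n = build_allowlist(offered, N_OFFERED, list);
    for (int i = 0; i < n; i++)
        printf("0x%04X\n", list[i]);
    return n == 0;   /* an empty list would leave no suite for any client */
}
```

The non-zero exit on an empty result covers the concern raised in the reply above: a filter that removes every suite a client supports makes the handshake fail.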