May I know which are all forward secrecy ciphers supported in TLSv1.0 protocols?
3
-
possible duplicate of ECDH and Forward Secrecy – RoraΖ Dec 04 '14 at 16:15
-
@raz Not a duplicate, because the other question is about how forward secrecy works, whereas this one presupposes that knowledge and is about implementations in TLS 1.0, which isn't covered at all there. – Xander Dec 04 '14 at 16:36
1 Answer
4
As listed in the OpenSSL docs, the following TLS 1.0 suites support PFS via Diffie-Hellman Ephemeral:
TLS_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA
TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA
If we include the Elliptic Curve ciphers, the following also implement PFS:
TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA
TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA
If you also want to include TLS 1.2 (note that there are no TLS 1.1 specific suites) then you can expand the list to include:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384
Polynomial
-
@Polynomial, how to check which forward secrecy ciphers are enabled for TLSv1.0 in Tomcat 6.0.28? – PURE Dec 04 '14 at 15:30
-
@PURE That's a separate question which would be better asked at ServerFault, but you could either use ssl-cipher-suite-enum (free script, but full disclosure: I work there) to test a live instance, or check your config files. I don't know where the TLS config is kept in Tomcat, though. – Polynomial Dec 04 '14 at 15:32
-
eNULL and "EXPORT" suites use DHE or ECDHE key exchange but don't provide even current secrecy much less forward. Also which suites are supported by a Tomcat server depends partly on its configuration, particularly the certificate(s?) it uses and whether it uses APR aka tcnative (which is OpenSSL inside) or the Java SSL/TLS implementation JSSE. DHE-DSS suites require a DSS cert and I don't think any public CA issues those (only some government-internal ones). – dave_thompson_085 Dec 05 '14 at 05:35
-
@dave_thompson_085, I am using the JSSE connector (JDK 1.6, Tomcat 6). May I use ECDHE suites, since they support forward secrecy? – PURE Dec 05 '14 at 07:33
-
JDK (or JRE) 1.6 JSSE supports ECDHE suites (and other ECC features) only if a crypto (JCE) provider for ECC primitives is available, which it is not by default. Your options are to obtain and install a suitable ECC provider -- I like www.bouncycastle.org -- or to upgrade to Java 7 or 8 which include an ECC provider -- and are in support which 1.6 is not. For your connections to use these suites also requires the browsers or other clients that connect to you support and prefer or require ECDHE, and if they want only one of ECDHE-RSA or ECDHE-ECDSA (IME rare) your server-key&cert must match. – dave_thompson_085 Dec 05 '14 at 23:07
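An added example, not part of the original answer or comments: a small Python audit helper that applies the rules discussed above to a configured suite list, accepting both OpenSSL and IANA/JSSE spellings. It treats DHE/ECDHE suites as forward secret, sets aside the NULL and EXPORT variants, and filters by the certificate key type each suite requires. The function names and the sample list are constructed for illustration; TLS 1.3 suite names are outside its scope.

```python
import re

def parse_suite(name):
    """Split an OpenSSL or IANA/JSSE suite name into (key_exchange, auth, flags)."""
    tokens = [t for t in re.split(r"[-_]", name.strip().upper()) if t]
    if tokens and tokens[0] in ("TLS", "SSL"):        # IANA/JSSE prefix
        tokens = tokens[1:]
    flags = {t for t in tokens if t in ("NULL", "EXP", "EXPORT")}
    tokens = [t for t in tokens if t not in ("EXP", "EXPORT")]
    kx = tokens[0] if tokens else ""
    if kx == "EDH":                                   # older OpenSSL spelling of DHE
        kx = "DHE"
    auth = tokens[1] if len(tokens) > 1 else ""
    return kx, auth, flags

def classify(name):
    """Label one suite by the key-exchange and NULL/EXPORT rules from the thread."""
    kx, _auth, flags = parse_suite(name)
    if kx not in ("DHE", "ECDHE"):
        return "not-dhe-ecdhe"
    if "NULL" in flags:                               # ephemeral key exchange, no encryption
        return "ephemeral-but-null"
    if flags:                                         # export-grade bulk cipher
        return "ephemeral-but-export"
    return "forward-secret"

def forward_secret_for_cert(suites, cert_key):
    """Forward-secret suites whose authentication matches the server key type
    (RSA, DSS or ECDSA)."""
    want = cert_key.upper()
    return [s for s in suites
            if classify(s) == "forward-secret" and parse_suite(s)[1] == want]

# Constructed sample: a mixed list such as might be copied out of a server config.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_NULL_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "EXP-EDH-RSA-DES-CBC-SHA",
    "ECDHE-ECDSA-AES128-SHA",
]

if __name__ == "__main__":
    for suite in SAMPLE:
        print(f"{classify(suite):22} {suite}")
    print("usable with an RSA cert:", forward_secret_for_cert(SAMPLE, "RSA"))
```
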