Comment by mxey
16 hours ago
Proper configuration of cryptography should not be abdicated to application developers or operators: https://go.dev/blog/tls-cipher-suites
> The Mozilla SSL Configuration Generator is great, and it should not exist.
16 hours ago
Proper configuration of cryptography should not be abdicated to application developers or operators: https://go.dev/blog/tls-cipher-suites
> The Mozilla SSL Configuration Generator is great, and it should not exist.
Not only is it difficult to make an informed choice, it also incurs a maintenance cost. Cost which is often not paid, resulting in configuration that becomes increasingly sub-optimal as time passes and the SSL/TLS library is updated.
I'm fairly certain that when that generator was made (or article written), OpenSSL and similar already had ciphersuite presets one could use. So it is a bit odd that the generator is not enhancing those.
As an example, in the case of OpenSSL you can combine presets such as "HIGH" with your additional preferences. Such as avoiding non-PFS key exchanges, DoS risks, SHA1 phase out or less frequently used block ciphers. Result being something like "HIGH:!kRSA:!kEDH:!SHA1:!CAMELLIA:!ARIA". Optionally one can also bump up global "SECLEVEL" in OpenSSL's configuration.
Such a combination helps avoid issues like accidentally crippling operations when an ECC key(/cert) is used and someone forgot to allow ECDHE+ECDSA in addition to ECDHE+RSA. Nor does it accidentally disable strong ciphersuites using ChaCha20 that aren't as old.
Same goes for key exchange configuration. Quite a few servers don't have EdDSA available that don't run Windows, I suspect it's because they were set at some point and forgotten. Now such configuration also disables post-quantum hybrid key exchange algorithms.