AW: HTTP/2 without forward secrecy (Diffie-Hellman)

Lukas Tribus luky-37 at hotmail.com
Tue Aug 16 15:11:55 UTC 2016


> This is a false statement, nginx doesn't do any restriction
> regarding HTTP/2 and TLS ciphers configuration.

Good thing, likely the restriction is on the browser side and Apache was not configured with the same exact cipher suite.



> The list you are mentioning and which is directly linked in the nginx
> example uses the MAY keyword

The MAY keyword is regarding the *error handling in case the cipher is blacklisted*, but it is section 9.2.2 of the RFC that defines the behavior, and uses "SHOULD NOT". Still not a violation of the RFC, you are right. And indeed it seems this part of the RFC is implemented on the browser side, rather than on the server.


Be that as it may, the configuration is invalid for HTTP/2, and here is the *MUST*:
> deployments of HTTP/2 that use TLS 1.2 *MUST* support
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [TLS-ECDHE]
> with the P-256 elliptic curve [FIPS186].


So as I said initially, using keyfiles is the way to go; you cannot always change your production configuration for a sniff anyway, and you may not always have access to the server. So better get familiar with the keyfile handling and be done with it.


Lukas
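
Added example, not part of the original message: a check of a TLS 1.2 cipher suite list against the two RFC 7540 section 9.2.2 points discussed above (the blacklist and the mandatory suite). It assumes suites are given by their IANA names and approximates the fixed Appendix A list by name (no ephemeral key exchange, or no AEAD cipher); the sample list is constructed.

```python
# Added example: audit a TLS 1.2 suite list against RFC 7540 section 9.2.2.
# Assumption: the name-based rule below approximates the fixed Appendix A
# blacklist (suites without ephemeral key exchange or without an AEAD cipher).

MANDATORY = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
EPHEMERAL_KX = ("DHE_", "ECDHE_")                 # DH_anon, ECDH_*, RSA, PSK do not match
AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")


def blacklist_reason(suite):
    """Return why a suite falls under the HTTP/2 blacklist, or None if it does not."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        raise ValueError(f"not a TLS 1.2 IANA suite name: {suite!r}")
    kx, cipher = suite[len("TLS_"):].split("_WITH_", 1)
    if not (kx + "_").startswith(EPHEMERAL_KX):
        return "no ephemeral key exchange"
    if not any(marker in "_" + cipher + "_" for marker in AEAD_MARKERS):
        return "not an AEAD cipher"
    return None


def audit(suites):
    """Split a configured suite list into HTTP/2-usable and blacklisted suites."""
    blacklisted = {}
    for suite in suites:
        reason = blacklist_reason(suite)
        if reason:
            blacklisted[suite] = reason
    return {
        "mandatory_present": MANDATORY in suites,   # the MUST quoted above
        "usable": [s for s in suites if s not in blacklisted],
        "blacklisted": blacklisted,
    }


# Constructed sample: a server restricted to static RSA key exchange so that
# traffic can be decrypted with the private key (no forward secrecy).
NO_FS_CONFIG = ["TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA"]

if __name__ == "__main__":
    result = audit(NO_FS_CONFIG)
    print("mandatory suite present:", result["mandatory_present"])
    for suite, reason in result["blacklisted"].items():
        print(f"blacklisted: {suite} ({reason})")
    if not result["usable"]:
        print("no suite left that an HTTP/2 client is expected to accept")
```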


