book cover

Bulletproof TLS Guide  

Comprehensive and yet concise guide to practical SSL/TLS and PKI configuration. Includes coverage of TLS server configuration and web application security. Written by Ivan Ristić.

1.2.3 Use a Strong Key Exchange

In recent years, the DHE key exchange fell out of fashion; many modern clients no longer support it. As a result, there is only one widely supported secure option for the key exchange, and that's ECDHE. Although DHE suites do have some issues, they are not likely to be a problem in practice if used only as fallback. You shouldn't use the RSA key exchange (not to be confused with RSA keys) because in that case you lose forward security.

For key exchange to be secure, ECDHE and DHE have to be used with secure parameters. For ECDHE, the parameters are called named curves and only two are practical: X25519 and P-256 (also known as sec256r1). For DHE (if using), ensure the parameters provide 2,048 bits of security. Some server software provides secure DHE parameters out of the box; with others, you'll have to provide your own.

< Prev
^ Table of Contents
Next >