
Bulletproof TLS Guide  

Comprehensive and yet concise guide to practical SSL/TLS and PKI configuration. Includes coverage of TLS server configuration and web application security. Written by Ivan Ristić.


1.2.3 Use a Strong Key Exchange

In recent years, the DHE key exchange has fallen out of fashion, so much so that modern clients no longer support it. As a result, there is only one widely supported secure option for the key exchange, and that's ECDHE. Although DHE suites do have some issues, they are not likely to be a problem in practice if used only as a fallback. You shouldn't use the RSA key exchange (not to be confused with RSA authentication) because in that case you lose forward secrecy: every past session encrypted under the server's RSA key can be decrypted by anyone who later obtains that private key. TLS 1.3 removed the RSA key exchange entirely, so configuring (EC)DHE is also what keeps your TLS 1.2 configuration consistent with TLS 1.3.

For key exchange to be secure, ECDHE and DHE have to be used with secure parameters. For ECDHE, the parameters are called named curves (named groups in TLS 1.3) and only two are practical: X25519 and P-256 (also known as secp256r1 or prime256v1). For DHE (if using), ensure the group is at least 2,048 bits; 1,024-bit parameters, which some older software still generates by default, are not acceptable. The safest choice is one of the named groups standardized in RFC 7919 (ffdhe2048 and larger), which are also the only DHE groups TLS 1.3 allows. Some server applications provide secure DHE parameters out of the box; with others, you'll have to provide your own.

The first standardized post-quantum cryptography algorithms were published by NIST in August 2024. Among them is ML-KEM (FIPS 203), a new key exchange that is thought to be secure against both classical and quantum attacks. Although cryptographically relevant quantum computers could be many years away, capable attackers can capture encrypted network traffic today, only to decrypt it later (harvest now, decrypt later). For this reason, the time to deploy quantum-safe key exchange is now. In TLS, ML-KEM is not deployed on its own, but in combination with ECDHE; in practice this means the hybrid group X25519MLKEM768, which is what current browsers offer. This hybrid approach provides additional safety in case ML-KEM, a very young primitive by any standard, is found to be flawed in some way: an attacker would have to break both X25519 and ML-KEM to recover the session keys.
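The policy in the three paragraphs above, turned into a small checker, as an added example that is not code from the Bulletproof TLS Guide: it parses the body of the supported_groups extension a TLS client sends (the RFC 8422 wire format: a uint16 length followed by uint16 NamedGroup values), classifies each group against the section's preferences (hybrid ML-KEM first, then X25519 and P-256, then RFC 7919 FFDHE groups of at least 2,048 bits as fallback, everything else flagged), and shows which group a server with a sane preference order would pick from a given offer. The classical code points are the IANA-registered values; the hybrid code points (0x11EC for X25519MLKEM768, 0x11EB for SecP256r1MLKEM768) are those used by the current draft-ietf-tls-ecdhe-mlkem deployments and are assumed to stay valid. The sample extension bytes and the server preference list are constructed for this example.

```python
import struct

# IANA "TLS Supported Groups" code points: RFC 8422 (ECDHE), RFC 7919 (FFDHE)
# and the ECDHE + ML-KEM hybrids from draft-ietf-tls-ecdhe-mlkem (assumed
# current; check the IANA registry if these values move).
GROUP_NAMES = {
    0x0017: "secp256r1",  # P-256
    0x0018: "secp384r1",
    0x0019: "secp521r1",
    0x001D: "x25519",
    0x001E: "x448",
    0x0100: "ffdhe2048",
    0x0101: "ffdhe3072",
    0x0102: "ffdhe4096",
    0x0103: "ffdhe6144",
    0x0104: "ffdhe8192",
    0x11EB: "SecP256r1MLKEM768",
    0x11EC: "X25519MLKEM768",
}

# Policy distilled from this section, most to least preferred.
PQ_HYBRID = {0x11EC, 0x11EB}                                # ECDHE + ML-KEM
ECDHE_PRACTICAL = {0x001D, 0x0017}                          # X25519, P-256
FFDHE_FALLBACK = {0x0100, 0x0101, 0x0102, 0x0103, 0x0104}   # >= 2,048-bit RFC 7919 groups

# Constructed server preference order: hybrid, then X25519, P-256, ffdhe2048.
SERVER_PREFERENCE = [0x11EC, 0x001D, 0x0017, 0x0100]


def encode_supported_groups(groups):
    """Build a supported_groups extension body: uint16 byte length, then
    one uint16 NamedGroup per offered group, in the client's preference order."""
    body = b"".join(struct.pack("!H", g) for g in groups)
    return struct.pack("!H", len(body)) + body


def decode_supported_groups(data):
    """Parse a supported_groups extension body. Malformed lengths are rejected
    rather than silently truncated, as any TLS parser should do."""
    if len(data) < 2:
        raise ValueError("truncated supported_groups extension")
    (length,) = struct.unpack("!H", data[:2])
    if length % 2 or 2 + length != len(data):
        raise ValueError("supported_groups length does not match payload")
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + length, 2)]


def classify(group):
    """Map one NamedGroup to the categories used in this section."""
    if group in PQ_HYBRID:
        return "pq-hybrid"
    if group in ECDHE_PRACTICAL:
        return "ecdhe"
    if group in FFDHE_FALLBACK:
        return "ffdhe-fallback"
    if group in GROUP_NAMES:
        return "other"     # standardized, but not what this section recommends
    return "unknown"       # code point this checker does not know


def negotiate(client_offer, server_preference=SERVER_PREFERENCE):
    """Return the group a server would use: the first group in the server's
    preference list that the client also offered, or None (handshake fails).
    Server order wins, so a client listing ffdhe2048 first still gets P-256."""
    offered = set(client_offer)
    for group in server_preference:
        if group in offered:
            return group
    return None


def audit_offer(client_offer):
    """Summarize an offer as the strongest key exchange it can yield."""
    categories = {classify(g) for g in client_offer}
    if "pq-hybrid" in categories:
        return "pq-hybrid"
    if "ecdhe" in categories:
        return "ecdhe"
    if "ffdhe-fallback" in categories:
        return "ffdhe-only"
    return "none"


# Constructed sample: a supported_groups body offering X25519MLKEM768, X25519,
# P-256 and ffdhe2048 (length 8 bytes = four uint16 groups).
SAMPLE_OFFER = bytes.fromhex("0008" "11ec" "001d" "0017" "0100")

if __name__ == "__main__":
    groups = decode_supported_groups(SAMPLE_OFFER)
    print("offered:", [GROUP_NAMES.get(g, hex(g)) for g in groups], "->", audit_offer(groups))
    chosen = negotiate(groups)
    print("server picks:", GROUP_NAMES[chosen], "(" + classify(chosen) + ")")
```

The same `negotiate` function explains why server-side group order matters: a client that lists ffdhe2048 ahead of P-256 still ends up with ECDHE as long as the server prefers it, which is the "DHE only as fallback" behaviour the section asks for.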
