With the recent introduction in NSS 3.3 of 5 new ciphersuites using the DHE key exchange algorithm (KEA) and the forthcoming introduction in NSS 3.4 of 6 ciphersuites that use the new AES block cipher, it is time to revisit the order of preference of the ciphersuites. The preference order shown below is the one I propose to use in NSS 3.4. The list below is intended to reflect these priorities: 1. SSL3/TLS suites all come before any SSL2 suites, because no SSL2 suite is chosen unless SSL3 and TLS are disabled. 2. Ciphersuites are grouped in order by descending strength of the bulk cipher, with 3-key triple-DES treated as having 112-bit cipher strength. Note that some bulk ciphers appear in more than one group, e.g., RC4 is used with 128-bit, 56-bit, and 40-bit keys. 3. Among groups of the same strength, preference is given by the key exchange algorithm (KEA) used in this order: Fortezza KEA (combines DH and DHE), DHE (both DHE_RSA & DHE_DSS), RSA (domestic - public key size unlimited) RSA (export - 1024 bit public key limit) RSA (export - 512 bit public key limit) 4. Among suites with the same block cipher strength and the same KEA, preference is given in this order: RC4, AES, DES, RC2 (These may appear in the same group because of 56-bit or 40-bit export key exchange) 5. Among suites with the same block cipher strength, KEA and block cipher, that differ by server authentication algorithm, (e.g. DHE_RSA and DHE_DSS), preference is given to RSA authentication before DSS auth. 6. The two special "FIPS" SSL3 ciphersuites are each given immediate preference to their non-FIPS SSL3 equivalents. /* 256-bit */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, /* 128-bit */ SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, /* 112-bit 3-key 3DES */ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* 80 bit skipjack */ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* KEA + SkipJack */ /* 56-bit DES "domestic" DES cipher suites */ SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, /* 56-bit export ciphersuites with 1024-bit public key exchange keys */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* 40-bit export ciphersuites with 512-bit public key exchange keys */ SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* ciphersuites with no encryption */ SSL_FORTEZZA_DMS_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, /* SSL2 cipher suites. */ SSL_EN_RC4_128_WITH_MD5, SSL_EN_RC2_128_CBC_WITH_MD5, SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_EN_DES_64_CBC_WITH_MD5, SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,
The order cited above is now checked in on the trunk.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.4
You need to log in before you can comment on or make changes to this bug.