TLS: recomendações e vulnerabilidade Logjam

Acabam de sair recomendações do IETF sobre o TLS: RFC 725

   Transport Layer Security (TLS) and Datagram Transport Layer Security
   (DTLS) are widely used to protect data exchanged over application
   protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP.  Over the
   last few years, several serious attacks on TLS have emerged,
   including attacks on its most commonly used cipher suites and their
   modes of operation.  This document provides recommendations for
   improving the security of deployed services that use TLS and DTLS.
   The recommendations are applicable to the majority of use cases.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   5
   3.  General Recommendations . . . . . . . . . . . . . . . . . . .   5
     3.1.  Protocol Versions . . . . . . . . . . . . . . . . . . . .   5
       3.1.1.  SSL/TLS Protocol Versions . . . . . . . . . . . . . .   5
       3.1.2.  DTLS Protocol Versions  . . . . . . . . . . . . . . .   6
       3.1.3.  Fallback to Lower Versions  . . . . . . . . . . . . .   7
     3.2.  Strict TLS  . . . . . . . . . . . . . . . . . . . . . . .   7
     3.3.  Compression . . . . . . . . . . . . . . . . . . . . . . .   8
     3.4.  TLS Session Resumption  . . . . . . . . . . . . . . . . .   8
     3.5.  TLS Renegotiation . . . . . . . . . . . . . . . . . . . .   9
     3.6.  Server Name Indication  . . . . . . . . . . . . . . . . .   9
   4.  Recommendations: Cipher Suites  . . . . . . . . . . . . . . .   9
     4.1.  General Guidelines  . . . . . . . . . . . . . . . . . . .   9
     4.2.  Recommended Cipher Suites . . . . . . . . . . . . . . . .  11
       4.2.1.  Implementation Details  . . . . . . . . . . . . . . .  12
     4.3.  Public Key Length . . . . . . . . . . . . . . . . . . . .  12
     4.4.  Modular Exponential vs. Elliptic Curve DH Cipher Suites .  13
     4.5.  Truncated HMAC  . . . . . . . . . . . . . . . . . . . . .  14
   5.  Applicability Statement . . . . . . . . . . . . . . . . . . .  15
     5.1.  Security Services . . . . . . . . . . . . . . . . . . . .  15
     5.2.  Opportunistic Security  . . . . . . . . . . . . . . . . .  16
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  17
     6.1.  Host Name Validation  . . . . . . . . . . . . . . . . . .  17
     6.2.  AES-GCM . . . . . . . . . . . . . . . . . . . . . . . . .  18
     6.3.  Forward Secrecy . . . . . . . . . . . . . . . . . . . . .  18
     6.4.  Diffie-Hellman Exponent Reuse . . . . . . . . . . . . . .  19
     6.5.  Certificate Revocation  . . . . . . . . . . . . . . . . .  19
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  21
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  21
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  22
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  26
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  27


Apareceu também um artigo sobre uma nova vulnerabilidade no TLS: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice