I get ssl_error_unsafe_negotiation pretty much everywhere
Disclaimer: I am no crypto expert.
I want to use a strong digest and 256 bit encryption
I can check in Firefox by clicking on the lock icon in the address bar and looking at the details of the site, if I am in fact running with Camellia-256 encryption. This worked well with Mulle kybernetiK, which is running a pretty much stock Apache server and the GLS Bank, but not much else.
So I had to enable some other cipher suite. My next candidate is
This brings back all websites I care about, even those US sites, which usually per default want you to use RC4 (!) and 128 bit (Amazon, Apple).
Amazon though, now looks weird, because their images server can't deal with it.
require_safe_negotiation against MITM attacks
I also would like to set require_safe_negotiation, which I believe prevents some forms of man-in-the-middle (MITM) attacks. I assume this is a way to fix the TLS Renegotiation Attack, but that's just an uneducated guess. Since the NSA is potentially on every router, this would surely be nice to have:
Alas, Mulle kybernetiK doesn't mind, Amazon.com doesn't mind, but pretty much everybody else gives me ssl_error_unsafe_negotiation.
Currently, you can't really enable it. Since the MITM attack seems limited (write only, but not read), I can and have to live with it.
enable forward secrecy
After reading the SSL Labs: Deploying Forward Secrecy article, it seemed like a good idea to move from rsa to dhe. I don't really trust EC stuff yet, so I ignored the ecdhe recommendation, and I kind of wonder why the article would recommend enabling anything with RC4 in it, but as I said before, I am no crypto expert.
I changed my security settings in the Firefox configuration to
security.ssl3.dhe_rsa_aes_128_sha;true
security.ssl3.dhe_rsa_aes_256_sha;true
security.ssl3.dhe_rsa_camellia_128_sha;true
security.ssl3.dhe_rsa_camellia_256_sha;true
I dropped down to 128 bit encryption for compatibility, but because of the forward secrecy I "feel" safer than with the old configuration. This is actually looking quite useable on almost all sites even amazon.com. But google freaks out :(
When you look at it with the SSL Labs tool, it shows that it doesn't support DHE and it doesn't support CAMELLIA. Sure would be happy with the NSA favored ECDHE though...
brings back google.com and
would bring back mozilla.org. But I leave that off for now.
A detailed German article, NSA abhörsichere SSL-Verschlüsselung für Apache und nginx, covers this topic in much better form and detail. Looks like I should be moving to GCM as soon as it's available for me (Firefox on 10.9).
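To check a configuration like the one above, the following added example (not part of the original post) parses about:config lines in the `name;value` form shown earlier and reports which enabled suites lack forward secrecy or use RC4. The function names are hypothetical, and the two `rsa_*` lines in the sample are constructed input.

```python
import re

# about:config line: security.ssl3.[<kx>_<auth>_|rsa_]<cipher>_<bits>_<mac>;<bool>
PREF = re.compile(
    r"^security\.ssl3\.(?:(?P<kx>ecdhe|dhe)_(?P<auth>rsa|ecdsa|dss)|rsa)"
    r"_(?P<cipher>[a-z0-9]+)_(?P<bits>\d+)_(?P<mac>[a-z0-9_]+);(?P<on>true|false)$"
)

def parse_pref(line):
    """Split one about:config line into cipher-suite parts; None if unrecognised."""
    m = PREF.match(line.strip())
    if m is None:
        return None
    kx = m.group("kx") or "rsa"  # no dhe/ecdhe prefix means static RSA key exchange
    return {
        "name": line.split(";")[0].strip(),
        "kx": kx,
        "forward_secrecy": kx in ("dhe", "ecdhe"),  # ephemeral Diffie-Hellman
        "cipher": m.group("cipher"),
        "bits": int(m.group("bits")),
        "enabled": m.group("on") == "true",
    }

def audit(text):
    """Return (enabled suites, warnings) for a block of pref lines."""
    enabled, warnings = [], []
    for line in text.splitlines():
        suite = parse_pref(line)
        if suite is None or not suite["enabled"]:
            continue  # skip disabled suites and lines this parser does not recognise
        enabled.append(suite)
        if not suite["forward_secrecy"]:
            warnings.append(f"{suite['name']}: static RSA key exchange, no forward secrecy")
        if suite["cipher"] == "rc4":
            warnings.append(f"{suite['name']}: RC4")
    return enabled, warnings

# Sample input: the four settings from the post, then two constructed lines.
SAMPLE = """\
security.ssl3.dhe_rsa_aes_128_sha;true
security.ssl3.dhe_rsa_aes_256_sha;true
security.ssl3.dhe_rsa_camellia_128_sha;true
security.ssl3.dhe_rsa_camellia_256_sha;true
security.ssl3.rsa_rc4_128_sha;true
security.ssl3.rsa_aes_256_sha;false
"""

if __name__ == "__main__":
    for warning in audit(SAMPLE)[1]:
        print("WARNING:", warning)
```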