Support by various browsers for Perfect Forward Secrecy

Background: Perfect Forward Secrecy – how the NSA can monitor encrypted websites and how to prevent it.

From link contained in SSL: Intercepted today, decrypted tomorrow:

Client Capabilities: IE 11 / Win 8.1. Notice that "Forward Secrecy" ciphersuites are not first in order of preference for IE 11 on Win 8.1.

Test your browser's capabilities: https://www.ssllabs.com/ssltest/viewMyClient.html.

List of some companies that do and don't use Perfect Forward Secrecy: https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what.

Related Wilders thread: A simple SSL tweak could protect you from GCHQ/NSA snooping.

 

SSL Server Test

 

Changing IE's SSL cipher order

 

If you care about Perfect Forward Secrecy, and you're an Internet Explorer user, apparently you should do both of these:
a) Use IE 11 if possible. IE 10 got bad results - see post #1.
b) Make all Perfect Forward Secrecy ciphersuites have preference over any non-Perfect Forward Secrecy ciphersuites - see post #3.

 

How to check if the HTTPS connection is using perfect forward secrecy?

 

From link contained in SSL: Intercepted today, decrypted tomorrow:

If that's still true, then looking at https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win 7, if you want the best browser availability of Perfect Forward Secrecy, IMHO you shouldn't use Internet Explorer, not even Internet Explorer 11.

 

Internet Explorer: Alt key -> File -> Properties. Look at Connection section. If you see "ECDH" then you've got Perfect Forward Secrecy for the given site.

Firefox: click padlock -> More Information -> Security tab. Look at Technical Details. If you see "ECDHE" or "DHE" then you've got Perfect Forward Secrecy for the given site.

Edit: see post #20 for possible exceptions.

 

Related thread: SSL Labs SSLTest gets a nice update.

Note: if you're using Win XP, you must use a browser other than Internet Explorer if you want to use Perfect Forward Secrecy.

 

I've ran a lot of sites through SSL Labs for fun- with some of the really bad ratings I even tried to contact the site owners and see if they could improve (one of which was a hospital records site still allowing SSL 2).

But not a lot of sites support Perfect Forward Secrecy.

edit

Ha, Patreon has a lot better rating now (was getting a C, now gets an A). I'd like to think I contributed to it. PROBABLY NOT, but I least called it in and they said they'd forward my message to the tech team or whatever. I guess some sites do listen.

 

If you find a site using the Diffie-Hellman algorithm, could you please tell me?

 

If serious, how would I know? Would it show it on the results page of SSL Labs?

I don't know a ton about HTTPS. Hell, this year I'm just learning about CAs and TLS. And I've tried my best to get the gist of HTTPS Everywhere's how to deploy correctly page.

 

Yes it would, but nevermind because I found one now .

 

I found https://www.unitedadmins.com/ and https://www.xs4all.nl/.

 

SSL Pulse Now Tracking Forward Secrecy and RC4

I believe that the reason for the huge Forward Secrecy percentage point difference between "Some FS [Forward Secrecy] suites enabled" and "Used with modern browsers" is mostly due to the lack of support for Forward Secrecy on Internet Explorer. For example, use https://www.ssllabs.com/ssltest/ on the sites in post #13.

 

I've updated post #7. I tested Chrome also; the thread linked to in post #7 is correct.

If you want to test others browsers/programs, for DHE you can test https://www.unitedadmins.com/, and for ECDHE you can test https://www.wilderssecurity.com.

 

Also see SSL/TLS analysis of the Internet's top 1,000,000 websites.

 

In looking at posts #1, #6, #14, and #16, you get a lot better Perfect Forward Secrecy website coverage on most modern non-Internet Explorer browsers than modern Internet Explorer browsers. And if you're using Internet Explorer on Windows XP, you get no Perfect Forward Secrecy at all.

 

From Perfect Forward Secrecy in the Netcraft Extension:

 

'elliptic curve' ?
Bruce Schneier can break elliptic curve cryptography by bending it to a circle.

 

I've tried to find the reason for the statement

at https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=11&platform=Win 8.1. Here's what I've come up with so far: RSA vs. DSA for SSH authentication keys (DSA=DSS for the purposes of this discussion).

 

A (relatively easy to understand) primer on elliptic curve cryptography

 

Are the NIST Standard Elliptic Curves Back-doored?
Should we trust the NIST-recommended ECC parameters?

 

From SSL/TLS analysis of the Internet's top 1,000,000 websites:

So I don't understand the statement in post #20.

 

Misconceptions About Forward-secrecy

 

ECDHE/DHE doesn't necessarily mean true Forward Secrecy:
https://www.imperialviolet.org/2013/06/27/botchingpfs.html

Thanks, I didn't know about that.
Keep in mind though that ECDH does not support Forward Secrecy, ECDHE does. The E stands for Ephemeral and means it uses a different key everytime instead of a static one.
However, IE somehow displays ECDHE as ECDH. If it says ECDH you should be fine because it doesn't actually support ECDH ciphers, only ECDHE.

It seems to me that DSA is restricted to 1024 bits by some standards and software.
Certificates with 1024 bit RSA keys are no longer supported and 2048 bit is the standard now:
http://portal.chicagonettech.com/news/15/1024-bit-rsa-key-size-end-of-life-announced.aspx

When using ECDHE/DHE however, that is being used for the key exchange, not RSA.
Unfortunately, on a lot of sites the DH key size is only 1024 bit(example)
A lot of server software still uses 1024 bit as the default size , including the popular Apache.
http://www.gossamer-threads.com/lists/apache/dev/427255
And a lot of servers don't use the most recent versions, so miss out on improvements on this.
For ECDHE, a 256 bit curve is often used as default, which is equal to 3072 bits RSA according to SSL Labs.