Finding a good cipher suite list for your web server is not an easy task. openssl ciphers -v ALL:COMPLEMENTOFALL lists every suite your OpenSSL build knows, one per line, with the minimum protocol version and the Kx= (key exchange), Au= (authentication), Enc= (cipher) and Mac= columns that the filters below match on.
What we don’t want
- SSLv3-era suites: SSLv3 is no longer secure, and every suite listed with SSLv3 as its minimum version is a CBC, RC4 or 3DES suite with an old MAC.
- 128-bit encryption: AES-128 is not broken; dropping "(128)" is a preference for 256-bit keys only, not a security requirement.
- null encryption (Enc=None) ;)
- DSS (DSA) authentication (Au=DSS): DSA certificates are obsolete and no browser uses them.
- DHE-RSA-AES256-SHA: a CBC suite with a SHA-1 MAC. It is already caught by the AEAD-only rule below, but is listed here because it is what you get when the rule is missing.
- TLSv1-only suites: TLS 1.0 is deprecated (RFC 8996). The pattern is "TLSv1 " with the trailing space, so TLSv1.2 and TLSv1.3 suites survive.
- PSK (pre-shared key) suites (Au=PSK, Kx=RSAPSK): not used on a public web server.
- CAMELLIA: nothing is known to be wrong with it, but there is no reason to prefer it over AES (which has hardware acceleration) or ChaCha20.
- CBC suites, because of BEAST and the padding-oracle attacks on MAC-then-encrypt (Lucky 13). Careful: openssl ciphers -v does not print the word CBC for AES-CBC suites; it prints Enc=AES(256) with Mac=SHA1, Mac=SHA256 or Mac=SHA384, so grep -v "CBC" only removes DES-CBC3-SHA. The reliable rule is to keep only lines with Mac=AEAD, which is what every GCM, CCM and ChaCha20-Poly1305 suite carries.
- RSA key exchange (Kx=RSA), because of FREAK (found by the SMACK state-machine work) and ROBOT, and because static RSA has no forward secrecy. This is Kx=RSA, not Au=RSA: a server with an RSA certificate still needs Au=RSA for its ECDHE-RSA-* suites, and filtering on Au=RSA would throw all of them away. "Kx=RSA" also matches Kx=RSAPSK, so that needs no separate line.
- Au=None: anonymous suites with no server authentication, so anyone can sit in the middle.
- AESCCM: not a CBC mode (see below), just slower and far less widely supported than GCM and ChaCha20-Poly1305. "Enc=AESCCM" also matches the CCM8 variants, which use 64-bit tags.
That gives us:
openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "SSLv3" | grep -v "(128)" | grep -v "Enc=None" | \
  grep -v "Au=DSS" | grep -v "DHE-RSA-AES256-SHA" | grep -v "TLSv1 " | grep -v "Au=PSK" | grep -v "Kx=RSA" | \
  grep -v "CAMELLIA" | grep "Mac=AEAD" | grep -v "Au=None" | grep -v "Enc=AESCCM"
Now choose your poison: everything that survives is an ECDHE, DHE or TLS 1.3 suite with an AEAD cipher, so what is left is ordering.
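The same exclusion list as a reusable shell function, applied to a constructed excerpt of openssl ciphers -v output so it runs without OpenSSL installed. This is an added example, not the original post's command; it includes the two corrections discussed above (Kx=RSA rather than Au=RSA, and keeping only Mac=AEAD lines rather than matching "CBC"). The sample lines, the function names and the cipher_string helper are this example's own; the column layout follows what OpenSSL 1.1.1 prints.

```shell
#!/bin/sh
# Added example (not from the original post): the exclusion rules as a
# function over `openssl ciphers -v` output. The sample input below is a
# constructed excerpt in OpenSSL 1.1.1's column layout, not real command
# output; against a real build run:
#   openssl ciphers -v ALL:COMPLEMENTOFALL | filter_suites

# filter_suites: read `openssl ciphers -v` lines on stdin, print the names
# of the suites that survive, one per line, in the original order.
filter_suites() {
    # SSLv3-era suites (CBC/RC4/3DES with old MACs)
    grep -v "SSLv3" |
    # 128-bit keys: a preference for 256-bit only, not a security requirement
    grep -v "(128)" |
    # null encryption and anonymous (unauthenticated) suites
    grep -v "Enc=None" |
    grep -v "Au=None" |
    # DSA certificates and pre-shared keys
    grep -v "Au=DSS" |
    grep -v "Au=PSK" |
    # TLS 1.0-only suites; the trailing space keeps TLSv1.2 / TLSv1.3 lines
    grep -v "TLSv1 " |
    # static RSA key exchange (ROBOT, FREAK, no forward secrecy); also
    # matches Kx=RSAPSK. Kx=, not Au=: ECDHE-RSA-* suites must survive.
    grep -v "Kx=RSA" |
    # Camellia and CCM: not broken, but GCM / ChaCha20-Poly1305 are preferred
    grep -v "CAMELLIA" |
    grep -v "Enc=AESCCM" |
    # keep only AEAD suites: this is what actually removes AES-CBC, which
    # `openssl ciphers -v` prints as Enc=AES(256) Mac=SHA384, never "CBC"
    grep "Mac=AEAD" |
    awk '{ print $1 }'
}

# cipher_string: join the survivors into the colon-separated form that
# Apache's SSLCipherSuite and nginx's ssl_ciphers expect.
cipher_string() {
    filter_suites | tr '\n' ':' | sed 's/:$//'
}

# sample_ciphers: constructed excerpt (name, min protocol, Kx, Au, Enc, Mac).
sample_ciphers() {
    cat <<'EOF'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(256)    Mac=SHA384
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)    Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA   Enc=AES(256)    Mac=SHA1
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS   Enc=AESGCM(256) Mac=AEAD
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA   Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None  Enc=AES(256)    Mac=SHA1
ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA   Enc=None        Mac=SHA1
EOF
}

# Print the resulting cipher string for the sample.
sample_ciphers | cipher_string
echo
```

On the sample, six suites survive: the two TLS 1.3 256-bit suites, the ECDHE-ECDSA and ECDHE-RSA GCM suites, ECDHE-RSA-CHACHA20-POLY1305 and DHE-RSA-AES256-GCM-SHA384. ECDHE-RSA-AES256-SHA384 (CBC, Mac=SHA384) and the static-RSA AES256-GCM-SHA384 are gone, while the ECDHE-RSA GCM suite an RSA certificate needs is kept, which is the difference the Kx=RSA and Mac=AEAD corrections make.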
Why is CCM bad? Does using CBC as a primitive cause it to inherit some of CBC’s problems somehow, despite being AEAD?
No. AES-CCM (Counter with CBC-MAC) is an Authenticated Encryption with Associated Data (AEAD) mode: the data is encrypted in counter (CTR) mode, and CBC-MAC is used only to compute the authentication tag over the plaintext and associated data. It is not CBC encryption, has no padding, and does not inherit BEAST or the padding-oracle problems of the MAC-then-encrypt CBC suites. It is excluded above purely as a preference: GCM and ChaCha20-Poly1305 are faster on common hardware, browsers generally do not offer CCM suites at all, and CCM is mostly found in constrained and IoT profiles.
The ECDHE suites also depend on which curves your build supports; list them with:
openssl ecparam -list_curves
For a web server, X25519 and prime256v1 (P-256) are the curves clients actually offer.