Add AES-CCM ciphers to all settings #279
Comments
|
CCM_8 has weak integrity guarantees so we shouldn't enable them by default, those are useful only for specific environments adding CCM with the full 16 byte tag it probably a good idea |
|
Related comments from @april about TLS_AES_128_CCM_SHA256 and TLS_AES_128_CCM_8_SHA256 ciphers: mozilla/ssl-config-generator#124 (comment)
mozilla/ssl-config-generator#124 (comment)
So, recommending to enable TLS_AES_128_CCM_SHA256 by default in the Mozilla Server Side TLS document and the SSL Configurator is not a good idea. |
|
It may be useful to add a note into Rationale section in https://wiki.mozilla.org/Security/Server_Side_TLS explaining why these ciphers are not included in the guidelines, and some of the explanations above about when an admin might consider adding them. |
The AES-CCM ciphers and ciphersuites are missing from the Mozilla Server Side TLS document and the SSL Configurator. This cipher mode was ratified by the IETF in 2012 in RFC 6655, and are included in recent versions of OpenSSL. According to Wikipedia, they may provide better performance on embedded and low-power devices, and the cipher mode is also used in WPA2 CCMP and Bluetooth Low Energy. Despite poor support by web browsers, they are considered safe, and I feel that they should be added to the list of acceptable ciphers.
TLS 1.3 offers these ciphersuites (available in OpenSSL 1.1.1, but disabled by default):
TLS_AES_128_CCM_SHA256TLS_AES_128_CCM_8_SHA256TLS 1.2 offers these ciphers:
TLS_ECDHE_ECDSA_WITH_AES_128_CCMTLS_ECDHE_ECDSA_WITH_AES_128_CCM_8TLS_ECDHE_ECDSA_WITH_AES_256_CCMTLS_ECDHE_ECDSA_WITH_AES_256_CCM_8TLS_DHE_RSA_WITH_AES_128_CCM_8TLS_DHE_RSA_WITH_AES_256_CCM_8TLS_DHE_RSA_WITH_AES_128_CCMTLS_DHE_RSA_WITH_AES_256_CCMThe text was updated successfully, but these errors were encountered: