Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

List of supported cipher suites #217

Closed
felixhammerl opened this issue Feb 13, 2015 · 6 comments
Closed

List of supported cipher suites #217

felixhammerl opened this issue Feb 13, 2015 · 6 comments

Comments

@felixhammerl
Copy link

Hi guys,

first of all, thanks for the amazing work from the creators of Whiteout Mail! We use forge in production to terminate IMAPS on the device when native TLS is not an option, e.g. when the TCP traffic is tunnel from IMAP over a TCP<->WebSockets proxy to the device, see our TCPSocket shim. If you're interested, here is a more verbose architecture sketch. Anyway, it works like a charm and I wanted to express my gratitude :)

One question though: Is there a comprehensive list of the supported cipher suites? I was thinking roughly about something like what OpenSSL provides. If yes, I haven't found it.

Have a good one
Felix
@dlongley
Copy link
Member

Hi @felixhammerl,

Thank you! We're glad forge is helping you build really cool applications :).

One question though: Is there a comprehensive list of the supported cipher suites?

We should add such a list to the readme. We should leave this issue open until we do so. To give you a quick answer, though, the current version of forge has two builtin supported cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA

We currently only support TLS 1.1 but we're close to having TLS 1.2 support in what will become the 0.7.x branch. Once TLS 1.2 support is finished, we should be able to quickly add support for these cipher suites:

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384

As forge already supports SHA256, SHA384 and AES GCM. The GCM cipher suites are TLS 1.2 only cipher suites, so we must finish 1.2 support before they can be used. There are also several other cipher suites that we plan to support once we complete some other component parts that are on our road map (#203). For example, Diffie-Hellman support would enable us to add forward secrecy cipher suites such as:

TLS_DH_RSA_*
TLS_DHE_RSA_*

We also have ECC support on the roadmap; once added we can add these cipher suites:

TLS_ECDH_RSA_*
TLS_ECDHE_RSA_*

That would give us support for the most popular TLS 1.2 cipher suites as well as [perfect] forward secrecy. As we have time to work on the roadmap, we'll push forward to support these cipher suites.

@felixhammerl
Copy link
Author

Thanks for the quick answer, that sounds great! Also, looking forward to ECC support :)

@dim2man
Copy link

dim2man commented Mar 26, 2015

Hi guys,

A question about supported cipher suites, do you have any plan to support TLS_SRP_* ones, like TLS_SRP_SHA_WITH_AES_128_CBC_SHA or TLS_SRP_SHA_WITH_AES_256_CBC_SHA?

Thanks,
Dmitry

@dlongley
Copy link
Member

@dim2man, when we get SRP support into forge (see #81), I could see us supporting those cipher suites.

@dim2man
Copy link

dim2man commented Apr 22, 2015

Thank you for the answer. It would be really nice to see SRP support in Forge.

@felixhammerl felixhammerl mentioned this issue Jul 7, 2015
Closed
@felixhammerl felixhammerl mentioned this issue Mar 16, 2016
Closed
@dlongley
Copy link
Member

dlongley commented Oct 5, 2016

Closing as a dup of #81 at this point.

@dlongley dlongley closed this as completed Oct 5, 2016
@ryan-ally ryan-ally mentioned this issue Mar 16, 2021
Open
@snyk-bot snyk-bot mentioned this issue Mar 22, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dlongley @felixhammerl @dim2man