Changes

Security/Server Side TLS

1,185 bytes added, 09:59, 27 May 2015
no edit summary
|-
| <span style="color:green;">'''READY'''</span> ||
* Version 3.6: ulfr: bump intermediate DHE to 2048, add note about java compatibility
* Version 3.5: alm: comment on weakdh vulnerability
* Version 3.4: ulfr: added note about session resumption, HSTS and HPKP
</tr></table>
Updates to this page should be submitted to the [https://github.com/mozilla/server-side-tls source repository on github].
If you are looking for the configuration generator, follow this link: [https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://mozilla.github.io/server-side-tls/ssl-config-generator/].
= Recommended configurations =
* Versions: '''TLSv1, TLSv1.1, TLSv1.2'''
* RSA key size: '''2048'''
* DH Parameter size: '''2048''' (see [[Security/Server Side TLS#DHE_and_Java|DHE and Java]] for details)
* Elliptic curves: '''secp256r1, secp384r1, secp521r1''' (at a minimum)
* Certificate signature: '''SHA-256'''
-----END DH PARAMETERS-----
</source>
 
 
== DHE and Java ==
Java 6 and 7 do not support Diffie-Hellman parameters larger than 1024 bits. If your server expects to receive connections from Java 6 clients and wants to enable PFS, it must provide a DHE parameter of 1024 bits.

The case of Java 7 is a bit different. Java 7 supports ECDHE ciphers, so if the server provides ECDHE and prioritizes it before DHE ciphers using server-side ordering, then Java 7 will use ECDHE and not care about the size of the DHE parameter. In this situation, the server can use 2048-bit DHE parameters for all other clients.

However, if the server does not support ECDHE, then Java 7 will use DHE and fail if the parameter is larger than 1024 bits. When failing, the handshake will not attempt to fall back to the next cipher in line, but simply fail with the error "java.lang.RuntimeException: Could not generate DH keypair".
 
{| class="wikitable"
|-
! Java supported !! ECDHE prioritized !! smallest DH parameter size
|-
| 6 || irrelevant || 1024
|-
| 7 || NO || 1024
|-
| 7 || YES || 2048
|-
| 8 || irrelevant || 2048
|}
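Before deploying a DH parameter file to a server that must still serve Java 6 or 7 clients, it helps to confirm the size of the prime actually inside the PEM block rather than trusting the filename. The following script is an added example and is not code from the Mozilla project or the wiki page: it parses a <code>-----BEGIN DH PARAMETERS-----</code> block (DER <code>SEQUENCE { INTEGER p, INTEGER g }</code>, as written by <code>openssl dhparam</code>), reports the bit length of <code>p</code>, and applies the Java rule from the table above. The <code>encode_dh_params</code> helper and the sample values it is fed are constructed for the demonstration only; the numbers used are not real safe primes.

```python
import base64
import re


# --- minimal DER helpers (constructed for this example) ---------------------
def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v):
    """DER INTEGER for a non-negative int; a leading 0x00 keeps it positive."""
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def encode_dh_params(p, g):
    """Build the PKCS#3 DHParameter structure: SEQUENCE { p, g }."""
    body = _der_int(p) + _der_int(g)
    return b"\x30" + _der_len(len(body)) + body


def to_pem(der):
    """Wrap DER bytes in the PEM armour that ssl_dhparam-style files use."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines)
            + "\n-----END DH PARAMETERS-----\n")


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    pos += 1
    length = buf[pos]
    pos += 1
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


# --- the actual check --------------------------------------------------------
def dh_prime_bits(pem):
    """Return the bit length of the prime p inside a DH PARAMETERS PEM block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE at top level")
    tag, p_bytes, _ = _read_tlv(seq, 0)   # first INTEGER of the SEQUENCE is p
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    return int.from_bytes(p_bytes, "big").bit_length()


def dh_ok_for_java(prime_bits, java_version, ecdhe_prioritized):
    """Apply the rule from the 'DHE and Java' table.

    Java 6: only DH up to 1024 bits works, ECDHE ordering is irrelevant.
    Java 7: ECDHE is supported, so a server that prioritizes ECDHE keeps the
            client off DHE; otherwise the 1024-bit limit applies and the
            handshake fails outright (no fallback to the next cipher).
    Java 8: 2048-bit parameters are fine (larger sizes are outside what the
            page covers, so they are not judged here).
    """
    if java_version == 6:
        return prime_bits <= 1024
    if java_version == 7:
        return ecdhe_prioritized or prime_bits <= 1024
    return True


if __name__ == "__main__":
    # Constructed sample: a 2048-bit p (not a real prime) with generator 2.
    pem = to_pem(encode_dh_params(2 ** 2047 + 1, 2))
    bits = dh_prime_bits(pem)
    print("DH prime size: %d bits" % bits)
    for java, ecdhe in ((6, True), (7, False), (7, True), (8, False)):
        verdict = "ok" if dh_ok_for_java(bits, java, ecdhe) else "HANDSHAKE FAILS"
        print("Java %d, ECDHE prioritized=%s: %s" % (java, ecdhe, verdict))
```

Run it against a real file by replacing the constructed <code>pem</code> with <code>open("dhparam.pem").read()</code>; a result of 2048 combined with Java 7 clients and DHE ordered before ECDHE is exactly the combination that produces the "Could not generate DH keypair" failure described above.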
 
= OCSP Stapling =