263
edits
Changes
GC HTTPS Web Server Config (view source)
Revision as of 17:00, 14 February 2019
, 17:00, 14 February 2019→TLS Cipher Suite Support
<br>
<br>
===HTTP/2===
HTTP/2 (finalized in 2015) is a backwards-compatible update to HTTP/1.1 (finalized in 1999) that is optimized for the modern web.
HTTP/2 includes many features that can drastically speed up website performance, and emerged from the advancements Google demonstrated with SPDY in 2009.
While HTTP/2 does not require the use of encryption in its formal spec, every major browser that has implemented HTTP/2 has only implemented support for encrypted connections, and no major browser is working on support for HTTP/2 over unencrypted connections.
This means that in practice, ''the major performance benefits of HTTP/2 first require the use of HTTPS''.
* [https://http2.github.io/faq/ HTTP/2 Working Group FAQ]
* [https://tools.ietf.org/html/rfc7540 RFC 7540], the final spec
<br>
===TLS 1.3===
Updates to the GC recommended cipher suites list will prioritize TLS 1.3 cipher suites over TLS 1.2.
<br>
TLS 1.3 differs from TLS 1.2 and earlier versions of TLS in several substantial ways, in addition to the cipher suite changes; these changes result in it not being directly compatible with the earlier versions of TLS. The following is a list of the major functional differences between TLS 1.2 and TLS 1.3. It is not intended to be exhaustive and there are many minor differences. <ref>Internet Engineering Task Force (IETF) TLS 1.3 Internet-Draft</ref>
<br />
* The list of supported symmetric algorithms has been pruned of all algorithms that are considered legacy. Those that remain all use Authenticated Encryption with Associated Data (AEAD) algorithms. The cipher suite concept has been changed to separate the authentication and key exchange mechanisms from the record protection algorithm (including secret key length) and a hash to be used with the key derivation function and HMAC.
* A 0-RTT mode was added, saving a round-trip at connection setup for some application data, at the cost of certain security properties. Admins should be aware of the security implications of 0-RTT, detailed in [https://tools.ietf.org/html/rfc8446 RFC 8446 Appendix E.5].
* Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
* All handshake messages after the ServerHello are now encrypted. The newly introduced EncryptedExtension message allows various extensions previously sent in clear in the ServerHello to also enjoy confidentiality protection from active attackers.
* The key derivation functions have been re-designed. The new design allows easier analysis by cryptographers due to their improved key separation properties. The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is used as an underlying primitive.
* The handshake state machine has been significantly restructured to be more consistent and to remove superfluous messages such as ChangeCipherSpec (except when needed for middlebox compatibility).
* Elliptic curve algorithms are now in the base spec and new signature algorithms. Recommended curve algorithms are found in the table below.
* The TLS 1.2 version negotiation mechanism has been deprecated in favor of a version list in an extension. This increases compatibility with existing servers that incorrectly implemented version negotiation.
* Session resumption with and without server-side state as well as the Pre-Shared Key (PSK)-based cipher suites of earlier TLS versions have been replaced by a single new PSK exchange.
* Updated references to point to the updated versions of RFCs, as appropriate (e.g., RFC 5280 rather than RFC 3280).
<br />
{| class="wikitable"
|-
! Recommended TLS 1.3 Supported Groups !! RFC Details
|-
| secp256r1 || [https://tools.ietf.org/html/rfc8422 RFC 8422]
|-
| secp384r1 || [https://tools.ietf.org/html/rfc8422 RFC 8422]
|-
| secp521r1 || [https://tools.ietf.org/html/rfc8422 RFC 8422]
|-
| ffdhe2048 || [https://tools.ietf.org/html/rfc7919 RFC 7919]
|-
| ffdhe3072 || [https://tools.ietf.org/html/rfc7919 RFC 7919]
|-
| ffdhe4096 || [https://tools.ietf.org/html/rfc7919 RFC 7919]
|-
| ffdhe6144 || [https://tools.ietf.org/html/rfc7919 RFC 7919]
|-
| ffdhe8192 || [https://tools.ietf.org/html/rfc7919 RFC 7919]
|}
<br />
For a complete list of major differences, see the [https://tools.ietf.org/html/draft-ietf-tls-tls13-28 Transport Layer Security (TLS) Protocol Version 1.3 specification], section 1.3.
<br />
===Load Balancing and Reverse Proxies===
===Load Balancing and Reverse Proxies===