• SecurityProtocolsWorkingGroup
• SslCiphers

SSL Ciphers

firefox

this is what firefox lists in about:config. that does not mean it actually supports them, but it does lead one to be hopeful:

• security.ssl3.dhe_dss_aes_128_sha
  security.ssl3.dhe_dss_aes_256_sha
  security.ssl3.dhe_dss_des_ede3_sha
  security.ssl3.dhe_dss_des_sha
  security.ssl3.dhe_rsa_aes_128_sha
  security.ssl3.dhe_rsa_aes_256_sha
  security.ssl3.dhe_rsa_des_ede3_sha
  security.ssl3.dhe_rsa_des_sha
  security.ssl3.rsa_1024_des_cbc_sha
  security.ssl3.rsa_1024_rc4_56_sha
  security.ssl3.rsa_aes_128_sha
  security.ssl3.rsa_aes_256_sha
  security.ssl3.rsa_des_ede3_sha
  security.ssl3.rsa_des_sha
  security.ssl3.rsa_fips_des_ede3_sha
  security.ssl3.rsa_fips_des_sha
  security.ssl3.rsa_rc2_40_md5
  security.ssl3.rsa_rc4_128_md5
  security.ssl3.rsa_rc4_128_sha
  security.ssl3.rsa_rc4_40_md5

discussion

• HIGH: a good place to start, we don't want the low ciphers. They suck!
• MEDIUM: 128 bits is still pretty good.
• -SSLv2: there are all kinds of problems with SSLv2. we don't want it!
• -RSA: it would be nice to disable RSA because of the "perfect forward secrecy problem". This makes it so that aliens can sniff your server, then later steal the key and decrypt what they sniffed. it is unknown if we can get this to work in firefox.
• -aNULL: probably not needed, but we want authentication, so remove ciphers without it.

proposed ciphers

openssl ciphers -v HIGH:MEDIUM:-SSLv2:-aNULL:-RSA

• ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
  ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
  ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
  ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
  ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
  ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
  ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
  ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
  DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
  DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
  DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
  DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
  EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
  EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
  DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1

The ECDH are elliptic curve cryptography versions of DH+DSA. The elliptic curve counterparts are faster because they can use shorter key lengths for the same degree of security. probably not supported by any clients yet.