issues with DHE group parameter selection (PFS is not yet a panacea)
issues with DHE group parameter selection (PFS is not yet a panacea)
Posted Nov 7, 2013 21:20 UTC (Thu) by Trou.fr (subscriber, #26289)In reply to: issues with DHE group parameter selection (PFS is not yet a panacea) by dkg
Parent article: Let's talk about perfect forward secrecy
Also, it should be noted that Microsoft server-side implementations of TLS do NOT honor the order in which cipher suites are presented by the client.
It always uses the order configured on the server. Before Windows 2008 and Crypto-NG, no cipher suite allowed DHE with RSA and even after, ciphers suites with PFS are at the end.
A paranoid mind could see the hand of the NSA here :)