ssleuth
Display elliptic curves
It would be nice if the used elliptic curves could be displayed.
More information:
- https://security.stackexchange.com/questions/31772/what-elliptic-curves-are-supported-by-browsers
- https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Supported_elliptic_curves
Yes. It is nice to have this displayed. So far I have only seen secp256r1 and secp384r1 (very rarely). The curve used is quite obvious going by the key size (displayed under the Certificate section). Not sure if adding the curve name would be much of a value add.
Still, would love to do that. (I'm thinking of a new line for the certificate key alone - or else the panel width won't be sufficient).
So far I have only seen secp256r1 and secp384r1 (very rarely).
Yes, these are the most common ones out of the NSA's Suite B.
The curve used is quite obvious going by the key size (displayed under the Certificate section).
The key size of the certificate and the curve are different things. But here you certainly mean elliptic curve certificates (aka ECDSA or ECDH). But there is still also ECDHE...
Not sure if adding the curve name would be much of a value add.
Well... maybe currently there are not many curves, but there are many candidates and in the future this may be more important, as some curves are already distrusted by some cryptologists.
I'm thinking of a new line for the certificate key alone
Yeah, maybe. Just keep in mind that they are also used for ECDH_E_... More about the differences here: https://security.stackexchange.com/questions/50878/ecdsa-vs-ecdh-vs-ed25519-vs-curve25519 More about the support of these curves in the different "parts" of an SSL connection here: https://security.stackexchange.com/questions/104993/does-elliptical-curves-in-ecdhe-and-ecdsa-are-the-same
Additionally of course in the UI you should not display "secp256r1 and secp384r1", but the more common names like P-256 and P-384.
The curve details from an ECC certificate (Public key algorithm parameters) are available. You can find them in Certificate -> Subject Public Key Algorithm -> Public key parameters. This can be displayed.
However, for a key exchange the curve used is always negotiated during the SSL handshake. (Client Hello -> ServerKeyExchange). So, no, the key exchange curve cannot be displayed.
from @sibiantony in https://github.com/sibiantony/ssleuth/issues/48
IMO displaying the curve used in the key exchange would be much more useful - just because it is much more used. However if this is not possible we cannot do much.
But at least: Would you mind creating an issue on Bugzilla about this? So that it - hopefully - will be possible in the future to read this information.
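The certificate-side curve mentioned in the quoted comment lives in the named-curve OID of the certificate's SubjectPublicKeyInfo. The following is an added example, not ssleuth's own code: a minimal DER walker that pulls that OID out and maps it to both the SEC name and the NIST name suggested above (the key-exchange curve, by contrast, is negotiated in the handshake and is not in the certificate at all). The SPKI bytes are constructed, with a dummy public point.

```javascript
// Minimal DER TLV reader: returns { tag, value, next } for the element at `off`.
function readTlv(buf, off) {
  const tag = buf[off];
  let len = buf[off + 1];
  let pos = off + 2;
  if (len & 0x80) {                       // long-form length (not needed for small SPKIs, but correct)
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[pos++];
  }
  return { tag, value: buf.subarray(pos, pos + len), next: pos + len };
}

// Decode OID content octets (base-128 arcs, first byte packs arcs 1 and 2) to dotted form.
function decodeOid(bytes) {
  const arcs = [];
  let v = 0;
  for (const b of bytes) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  const first = arcs.shift();
  return [Math.floor(first / 40), first % 40, ...arcs].join('.');
}

// Named curves an ECC certificate can carry, with both naming conventions for the UI.
const CURVES = {
  '1.2.840.10045.3.1.7': { sec: 'secp256r1', nist: 'P-256', bits: 256 },
  '1.3.132.0.34':        { sec: 'secp384r1', nist: 'P-384', bits: 384 },
  '1.3.132.0.35':        { sec: 'secp521r1', nist: 'P-521', bits: 521 },
};

// Parse a DER SubjectPublicKeyInfo; returns curve info, or null if the key is not a named-curve EC key.
function curveFromSpki(spki) {
  const outer = readTlv(spki, 0);                         // SEQUENCE { AlgorithmIdentifier, BIT STRING }
  if (outer.tag !== 0x30) return null;
  const algId = readTlv(outer.value, 0);                  // SEQUENCE { OID algorithm, parameters }
  const algOid = readTlv(algId.value, 0);
  if (decodeOid(algOid.value) !== '1.2.840.10045.2.1') return null;   // not id-ecPublicKey (e.g. RSA)
  const params = readTlv(algId.value, algOid.next);
  if (params.tag !== 0x06) return null;                   // explicit/implicit curve params, not namedCurve
  const oid = decodeOid(params.value);
  return CURVES[oid] || { sec: oid, nist: 'unknown', bits: null };    // unknown curve: show the raw OID
}

// Constructed sample: a P-256 SPKI header followed by a dummy (all 0x11) uncompressed point.
const SAMPLE_P256 = Uint8Array.from([
  0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
  0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  0x03, 0x42, 0x00, 0x04, ...new Array(64).fill(0x11),
]);
```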
Good news: The issue for the RFC by EFF has been closed.
Yes, it's only the RFC commit which says
There is no way of extracting this from the key exchange method defined in the cipherSuite
(and this is decoupled from the cipher suite in TLS 1.3). For ECDH(E) methods this should be a string containing the name of the group curve used.
Finally, this has to be implemented in Firefox by someone. The keyExchangeGroup string is also made optional in the RFC. So there is no guarantee that it will be present.
Sure… https://bugzilla.mozilla.org/show_bug.cgi?id=1322748#c43 https://github.com/EFForg/webrequest-tlsinfo-api/pull/18#issuecomment-323991073