FlexHub Forum

FlexHub General => Feature requests => Topic started by: Logicwax on January 15, 2014, 02:37:34

Title: feature request: forward secrecy DHE-RSA-AES256-SHA
Post by: Logicwax on January 15, 2014, 02:37:34
Is there planned forward secrecy encryption for Flexhub?

For example, on a FlexHub hub, you will see AES256-SHA for the hub connection.

On other hubsofts (like ADCH), you will see DHE-RSA-AES256-SHA for the hub connection, implying forward secrecy.

It would be great to see FlexHub upgraded to this common crypto standard that is available on other hubs.


Title: Re: feature request: forward secrecy DHE-RSA-AES256-SHA
Post by: FlipFlop™ on January 15, 2014, 03:15:05
It looks like it can be done, I'll put it on the todo list.

Title: Re: feature request: forward secrecy DHE-RSA-AES256-SHA
Post by: Logicwax on January 15, 2014, 03:23:22
Great!

Because in multi-user systems like ADC hubs, forward secrecy gains importance. All it takes is one user to have the key leaked, and any and all captured traffic ever logged is able to be decrypted and recovered.

DHE-RSA adds a way for a session-unique key to exist, so years of captured data would be rendered useless.

Title: Re: feature request: forward secrecy DHE-RSA-AES256-SHA
Post by: Logicwax on January 16, 2014, 00:03:33
According to this site:
http://www.broadinstitute.org/~carneiro/software/luassl/references.html#ephemeral

some source code changes would need to be made in the Lua code.
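
Added example, not part of the thread or of FlexHub's code: a toy Python model of the difference discussed above between RSA key transport (the AES256-SHA suite) and ephemeral Diffie-Hellman signed with RSA (DHE-RSA-AES256-SHA) once the hub's long-term key leaks. All function names and the deliberately small parameters are assumptions made for illustration.

```python
import secrets

# Toy parameters (constructed; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537      # long-term RSA primes, public exponent
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # long-term RSA private exponent
DH_P, DH_G = 2**127 - 1, 3                 # toy Diffie-Hellman group

def rsa_session():
    """AES256-SHA style: the client encrypts the secret to the long-term key."""
    secret = secrets.randbelow(N - 2) + 2
    wire = {"kx": "RSA", "encrypted_secret": pow(secret, E, N)}
    return secret, wire

def dhe_session():
    """DHE-RSA style: fresh exponents per session, the RSA key only signs."""
    a = secrets.randbelow(DH_P - 3) + 2    # client ephemeral, discarded after use
    b = secrets.randbelow(DH_P - 3) + 2    # hub ephemeral, discarded after use
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    wire = {"kx": "DHE", "A": A, "B": B, "sig": pow(B, D, N)}  # unhashed toy signature
    return pow(B, a, DH_P), wire

def recover_with_leaked_key(wire, d, n):
    """What the leaked long-term key yields from one captured session."""
    if wire["kx"] == "RSA":
        return pow(wire["encrypted_secret"], d, n)
    # DHE: the wire holds only public values and a signature. The private key
    # can check or forge signatures, but the secret needs a or b, which never
    # crossed the wire and no longer exist.
    return None

def audit(sessions):
    """Count captured sessions whose secret is recovered with the leaked key."""
    return sum(recover_with_leaked_key(w, D, N) == s for s, w in sessions)

if __name__ == "__main__":
    print("RSA sessions recovered:", audit([rsa_session() for _ in range(5)]), "of 5")
    print("DHE sessions recovered:", audit([dhe_session() for _ in range(5)]), "of 5")
```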