[Bug-wget] Wget and Perfect Forward Secrecy

[Tim Ruehsen]

Hi,

the recent discussion about PRISM and privacy in general made more and more 
web service operators enabling the so-called 'Perfect Forward Secrecy' (namely 
enabling Diffie Hellmann key exchange algorithms). For backward compatibility 
they still leave the none-DH (RSA) enabled, so that many clients (including 
Wget) choose these during handshake.

To have more control over this behaviour, I would like to see the possibility 
for the user to force (or at least prefer) DH key exchange plus enabling 
secure cipher suites (e.g. 256 bit ciphers)
Or in general more control to the user about SSL/TLS behaviour.

GnuTLS already has a very user-friendly 'priority' scheme which we could open 
to users with e.g. --secure-protocol=gnutls:SECURE128:+SECURE256:-VERS-
SSL3.0:-RSA. (Just an example how it could be done.)

To make it easier for users we could also predefine something like --secure-
protocol=force-pfs that internally maps to 'NORMAL:-VERS-SSL3.0:-RSA'.

We could later write a wrapper to map GnuTLS priority syntax to OpenSSL API 
calls.

Distribution maintainers could define a default in /etc/wgetrc 
(secureprotocol=...) as they like.

Of course there are other ways to achieve the goal. At the moment I prefer 
extending --secure-protocol to not have another option. And second I prefer 
GnuTLS because of it's priority strings and because Wget and GnuTLS both are 
official GNU software.

What do you think ?


some references
http://gnutls.org/manual/html_node/Priority-Strings.html
http://nmav.gnutls.org/2011/12/price-to-pay-for-perfect-forward.html
https://github.com/ssllabs/research/wiki/Forward-Secrecy

To play around with priority string (example):
        $ gnutls-cli --list www.savannah.de --priority NORMAL:-RSA

To check your server security:
        https://www.ssllabs.com/ssltest/index.html

Regards, Tim