The security industry continues to raise standards to keep the Internet’s SSL/TLS communications secure. Google announced in a blog post plans to deprecate DHE-based cipher suites. This announcement follows several noteworthy browser security advancements for 2015-16.
Earlier this year the major browsers announced they would be ending support for RC4 ciphers in early 2016. In May 2015, Chrome announced that they would “raise the minimum TLS Diffie-Hellman group size from 512-bit to 1024-bit” in Chrome 45. And, in October 2015, Mozilla Firefox and Microsoft announced they are considering ending support for SHA-1 in mid-2016.
When Chrome announced they would be ending support for 512-bit DHE, they pointed out that the move to 1024-bit DHE (the new minimum) was not a long-term solution. Unfortunately, an overwhelming majority of DHE connections (95% as seen by Chrome) continue to use the 1024-bit DHE.
Because of the way DHE is negotiated in TLS, dropping support for 1024-bit DHE would be difficult. So, one of the solutions would be to end support for DHE-based cipher suites all together in favor of the ECDHE-based cipher suites. To better understand the effects of the move from DHE to ECDHE ciphers, Chrome is going to prioritize ECDHE-based ciphers over DHE-based ciphers.
In Chrome 49, DHE-based cipher suites will no longer be offered in the initial handshake between browser and server. If the initial handshake fails, another handshake will be initiated using DHE. In Chrome 49 if a server is negotiating DHE-based cipher suites, forward secrecy will no longer work. For forward secrecy to work, servers will need to be reconfigured to use ECDHE-based cipher suites.