Recommended Ciphersuite
Jan Rękorajski
baggins at pld-linux.org
Tue Apr 22 11:32:01 CEST 2014
On Mon, 21 Apr 2014, Elan Ruusamäe wrote:
> https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite
>
> should we update our apache (and other browser) ciphers list based on that?
Our current ciphers list is:
ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
instead of putting there random list of ciphers we can achieve the same
effect just by disabling the weak ones, like this:
ALL:!ADH:!EXPORT!LOW:!SSLv2:!DES:!3DES:!aNULL:!eNULL:!MD5:!PSK:!SEED:+HIGH:+MEDIUM
Looks better IMO.
--
Jan Rękorajski | PLD/Linux
SysAdm | http://www.pld-linux.org/
baggins<at>mimuw.edu.pl
baggins<at>pld-linux.org
More information about the pld-devel-en
mailing list