Recommended Ciphersuite

Jan Rękorajski baggins at pld-linux.org
Tue Apr 22 11:32:01 CEST 2014


On Mon, 21 Apr 2014, Elan Ruusamäe wrote:

> https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite
> 
> should we update our apache (and other browser) ciphers list based on that?

Our current ciphers list is:

ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

instead of putting there random list of ciphers we can achieve the same
effect just by disabling the weak ones, like this:

ALL:!ADH:!EXPORT!LOW:!SSLv2:!DES:!3DES:!aNULL:!eNULL:!MD5:!PSK:!SEED:+HIGH:+MEDIUM

Looks better IMO.

-- 
Jan Rękorajski                                 | PLD/Linux
SysAdm                                         | http://www.pld-linux.org/
baggins<at>mimuw.edu.pl
baggins<at>pld-linux.org


More information about the pld-devel-en mailing list