Message149847
Ok for:
'HIGH:!aNULL:!eNULL'
but also:
- Disable SSLv2
- Enable ECC/ECDHE by default
- Enable DH/DHE by default
With this in place, i would then suggest to see which is the "Default ordered list of ciphers" with an SSL cipher scanner/wireshark.
Then we would be able to know if the "default order" for the ciphers is reasonable or if we would need to manually organize it to have a preferred selection that consider security and performance, while keeping always compatibility.
What do you think of an approach like this? |
|
Date |
User |
Action |
Args |
2011-12-19 12:19:10 | naif | set | recipients:
+ naif, gregory.p.smith, pitrou |
2011-12-19 12:19:10 | naif | set | messageid: <1324297150.81.0.798902647643.issue13636@psf.upfronthosting.co.za> |
2011-12-19 12:19:10 | naif | link | issue13636 messages |
2011-12-19 12:19:10 | naif | create | |
|