Message149849
> - Disable SSLv2
It should be disabled automatically since the SSLv2 cipher suites are not part of "HIGH": see http://www.openssl.org/docs/apps/ciphers.html#SSL_v2_0_cipher_suites_
> - Enable ECC/ECDHE by default
> - Enable DH/DHE by default
These both require parameters. I think adding simple instructions in the documentation would go a long way towards helping users. It would also probably be more instructive than silently choosing default values.
(after all, for ECDHE it's a one-line addition; DHE needs a separate file so it's less immediate)
> With this in place, i would then suggest to see which is the "Default
> ordered list of ciphers" with an SSL cipher scanner/wireshark.
I'm not really able to do that. Perhaps you can help? |
|
Date |
User |
Action |
Args |
2011-12-19 12:33:47 | pitrou | set | recipients:
+ pitrou, gregory.p.smith, naif |
2011-12-19 12:33:47 | pitrou | set | messageid: <1324298027.42.0.503894765572.issue13636@psf.upfronthosting.co.za> |
2011-12-19 12:33:46 | pitrou | link | issue13636 messages |
2011-12-19 12:33:46 | pitrou | create | |
|