Message214487
Attached is a patch that:
* Switches the protocol to SSLv23 so that we can negotiate a TLS1.1 or TLS1.2 connection.
* Sets OP_CIPHER_SERVER_PREFERENCE for Purpose.CLIENT_AUTH so that our carefully selected cipher priority gives us better encryption and PFS
* Sets OP_SINGLE_DH_USE and OP_SINGLE_ECDH_USE for Purpose.CLIENT_AUTH to prevent re-use of the DH and ECDH keys in distinct sessions. |
|
Date |
User |
Action |
Args |
2014-03-22 16:26:50 | dstufft | set | recipients:
+ dstufft, pitrou, christian.heimes |
2014-03-22 16:26:50 | dstufft | set | messageid: <1395505610.58.0.148408426863.issue21013@psf.upfronthosting.co.za> |
2014-03-22 16:26:50 | dstufft | link | issue21013 messages |
2014-03-22 16:26:50 | dstufft | create | |
|