[Ach] reverted 41091bb2c3fe5396d6c8d9261236068a12726f91
christian mock
cm at coretec.at
Fri Dec 27 23:45:34 CET 2013
On Fri, Dec 27, 2013 at 09:02:27PM +0100, Adi Kriegisch wrote:
> I think the whole cipherB string isn't necessary at all: it is meant for
> a diverse set of clients to provide a good level of compatibility. OpenVPN
> only needs to be able to talk to OpenVPN -- but in a backwards compatible
> way allowing older client versions to connect too. So, I think recommending
> just one or two DHE-AES (256 or 128 bit?) ciphers and probably add some
And client versions compiled with different openssl versions, and
client versions on differing OSes/distributions, so in the end a
longer list of suites may be required.
So I think the more-or-less config B as we have it now is OK.
cm.
--
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
http://heise.de/-1260559
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
More information about the Ach
mailing list