[Ach] [ssllabs-discuss] Minimal recommended cipher suite list, pref. as an interactive SSL Labs page

Hubert Kario hkario at redhat.com
Thu Jun 12 16:11:53 CEST 2014


----- Original Message -----
> From: "Aaron Zauner" <azet at azet.org>
> To: "Hubert Kario" <hkario at redhat.com>
> Cc: "ianG" <iang at iang.org>, ssllabs-discuss at lists.sourceforge.net, "ach at lists.cert.at List Mailing"
> <ach at lists.cert.at>
> Sent: Thursday, June 12, 2014 3:49:13 PM
> Subject: Re: [Ach] [ssllabs-discuss] Minimal recommended cipher suite list, pref. as an interactive SSL Labs page
> 
> Hi,
> 
> Hubert Kario wrote:
> > Well, if you're testing just server side, then
> > https://github.com/jvehent/cipherscan
> > should be enough. It requires just bash (you can use statically
> > compiled openssl, either the included one or one you compiled yourself).
> Sure I know that. But ideally you want to check client and server, this
> is what my scripts currently compare. But only for OpenSSL.

I don't see how checking multiple clients is relevant if you force server
side cipher ordering (which you must do to get robust PFS anyway).

-- 
Regards,
Hubert Kario
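
The point made in the reply above, as an added example that is not part of the original message or of cipherscan: a simplified Python model of cipher suite selection (no real handshake) comparing client-order and server-order negotiation. The server list, the three client profiles and all function names are constructed for illustration.

```python
# Simplified model of TLS cipher suite selection; no network, no real handshake.
# SERVER and CLIENTS are constructed sample preference lists (OpenSSL suite names).

PFS_PREFIXES = ("ECDHE-", "DHE-")

def is_pfs(suite):
    """True if the key exchange is ephemeral (EC)DH, i.e. forward secret."""
    return suite is not None and suite.startswith(PFS_PREFIXES)

def negotiate(client_prefs, server_prefs, server_order):
    """Return the suite chosen for one connection, or None if there is no overlap.

    server_order=True : first suite in the server's list that the client offers
    server_order=False: first suite in the client's list that the server supports
    """
    if server_order:
        primary, other = server_prefs, set(client_prefs)
    else:
        primary, other = client_prefs, set(server_prefs)
    for suite in primary:
        if suite in other:
            return suite
    return None

SERVER = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA"]

CLIENTS = {
    "prefers-pfs": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"],
    "prefers-rsa": ["AES128-SHA", "DHE-RSA-AES128-SHA"],
    "no-pfs-support": ["AES128-SHA"],
}

def survey(server_order):
    """Negotiated suite per client profile under the given ordering policy."""
    return {name: negotiate(prefs, SERVER, server_order)
            for name, prefs in CLIENTS.items()}

def non_pfs_despite_support(results):
    """Clients that share a PFS suite with the server but did not negotiate one."""
    missed = []
    for name, chosen in results.items():
        shared_pfs = [s for s in CLIENTS[name] if is_pfs(s) and s in SERVER]
        if shared_pfs and not is_pfs(chosen):
            missed.append(name)
    return missed

if __name__ == "__main__":
    for policy in (False, True):
        results = survey(policy)
        print("server order" if policy else "client order", results,
              "missed PFS:", non_pfs_despite_support(results))
```

With server ordering, the outcome for each client depends only on which suites it supports, not on how it ranks them, so a scan of the server's list is enough to know which clients get PFS.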


