[Ach] CloudFlare's SSL config for public-facing nginx hosts

Aaron Zauner azet at azet.org
Mon May 5 13:36:18 CEST 2014

Alan Orth wrote:
> Thought this might be of interest to the list, CloudFlare posted the SSL
> ciphersuites they use on their public-facing nginx hosts:
> https://github.com/cloudflare/sslconfig/
> Notably, they have SSLv3 and RC4 enabled, though they discuss their
> support for RC4 in an early 2014 blog post here:
> http://blog.cloudflare.com/killing-rc4

I've seen it as well and just didn't post it because I think these are
bad recommendations. They also serve DES-CBC3 and RC4 without PFS. I'm
pretty certain that there are more unknown attacks on RC4 we do not know
about yet out there.
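
A defender-side check for the issues named in the reply above (SSLv3, RC4, DES-CBC3, suites without PFS), as an added example that is not part of the original message or of CloudFlare's repository. The config is a constructed sample, and `directive`, `audit` and the suite-name heuristic are assumptions of this example.

```python
import re

# Constructed sample config for illustration; it is NOT CloudFlare's published file.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  # SSLv3 left on
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:EECDH+AES256:RC4-SHA:DES-CBC3-SHA:AES128-SHA:!aNULL';
}
"""

# Explicit pre-TLS-1.3 OpenSSL suite names end in a MAC/PRF tag.
SUITE_NAME = re.compile(r"^[A-Z0-9]+(-[A-Z0-9]+)*-(SHA|SHA256|SHA384|MD5)$")
# Assumption: only these prefixes count as forward secret; anonymous
# ADH-/AECDH- suites are reported in the same bucket as static RSA.
PFS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")

def directive(conf, name):
    """Arguments of the first `name ...;` directive, quotes stripped."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;]+);", conf, re.M)
    return m.group(1).strip().strip("'\"") if m else ""

def audit(conf):
    """Flag SSLv3, RC4, 3DES and non-forward-secret suites in an nginx config."""
    conf = re.sub(r"#.*", "", conf)              # drop comments
    report = {"protocols": [], "suites": {}, "unexpanded": []}
    if "SSLv3" in directive(conf, "ssl_protocols").split():
        report["protocols"].append("SSLv3")
    for token in directive(conf, "ssl_ciphers").split(":"):
        if not token or token[0] in "!-":        # exclusions serve nothing
            continue
        if not SUITE_NAME.match(token):
            # Keyword such as HIGH or EECDH+AES256: needs `openssl ciphers -v`
            report["unexpanded"].append(token)
            continue
        issues = []
        if "RC4" in token:
            issues.append("RC4")
        if "DES-CBC3" in token:
            issues.append("3DES")
        if not token.startswith(PFS_PREFIXES):
            issues.append("no forward secrecy")
        if issues:
            report["suites"][token] = issues
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(key, value)
```

Tokens listed under `unexpanded` are cipher-string keywords rather than suite names; expand them with `openssl ciphers -v` on the server's own OpenSSL build before judging them.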

