[Ach] CloudFlare's SSL config for public-facing nginx hosts

Aaron Zauner azet at azet.org
Mon May 5 13:36:18 CEST 2014



Alan Orth wrote:
> Thought this might be of interest to the list, CloudFlare posted the SSL
> ciphersuites they use on their public-facing nginx hosts:
> 
> https://github.com/cloudflare/sslconfig/
> 
> Notably, they have SSLv3 and RC4 enabled, though they discuss their
> support for RC4 in an early 2014 blog post here:
> 
> http://blog.cloudflare.com/killing-rc4
> 
I've seen it as well and just didn't post it because I think these are
bad recommendations. They also serve DES-CBC3 and RC4 without PFS. I'm
pretty certain that there are more unknown attacks on RC4 we do not know
about yet out there.

Aaron
