[Ach] Updated Mozilla TLS guide

Aaron Zauner azet at azet.org
Wed Oct 15 17:32:28 CEST 2014

Adi Kriegisch wrote:
> Hey!
>> I used the same tool about a week ago on bettercrypto.org:443. I mailed
>> guys to update to our current cipherstring (which also forbids SEED as
>> as the anon-DH ciphers old openssl versions might negotiate) :)
> This is from the fallback host. https://bettercrypto.org itself does not
> support SEED and neither anon-DH.

Ah, that makes sense. I also had a look at our Draft - the 'legacy'
Webserver configurations are just confusing. I'm for removing both the
configuration on our Webserver as well as any mention in the document.
People that just copy+paste might end up just using a 'ALL' cipherstring,
which is exactly the opposite of what our guide tries to do.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20141015/e6f6fc0f/attachment.html>

More information about the Ach mailing list