[Ach] SSL for limited user groups

Robert M. Albrecht lists at romal.org
Thu Jan 1 17:44:32 CET 2015


Exactly my point, easy to make errors for non-crypto-experts:


is more reasonable?

Most tools seem to work, will test Gnome 3 tomorrow.

cu romal

On 01.01.15 at 14:11, Hanno Böck wrote:
> On Thu, 01 Jan 2015 13:26:15 +0100
> "Robert M. Albrecht" <lists at romal.org> wrote:
>> SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
>> SSLCipherSuite
> This doesn't look like a very reasonable config for your setting.
> If you have a closed user group and can rely on only high security
> settings you likely want to limit your config to ciphers with forward
> secrecy and AES-GCM. (and if you're running libressl or some openssl
> preview/beta you can add chacha20)
> It's pretty much consensus that everything using CBC should be
> considered dangerous and we should strive for deprecating it. That
> means all Camellia ciphers and all non-gcm-aes-modes.
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
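
The policy from the quoted reply (forward secrecy plus AES-GCM, with ChaCha20 also accepted), as an added example that is not part of the original mails: a Python check that flags OpenSSL cipher suite names falling outside it. The function names and the sample suite list are constructed for illustration, and `expand()` depends on the local OpenSSL build.

```python
import ssl

# Policy from the quoted reply: forward secrecy plus AES-GCM (ChaCha20 also accepted).
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")   # ephemeral (EC)DH key exchange

def audit_suite(name):
    """Return the policy violations for one OpenSSL cipher suite name."""
    parts = name.replace("_", "-").split("-")
    problems = []
    # TLS 1.3 suites (TLS_...) always use an ephemeral key exchange.
    if not (name.startswith("TLS_") or name.startswith(FS_PREFIXES)):
        problems.append("no forward secrecy")
    aes_gcm = "GCM" in parts and any(p.startswith("AES") for p in parts)
    if not (aes_gcm or "CHACHA20" in parts):
        problems.append("not AES-GCM/ChaCha20")
    return problems

def audit(names):
    """Map each non-compliant suite to its violations; compliant ones are omitted."""
    return {n: p for n in names if (p := audit_suite(n))}

def expand(cipher_string):
    """Suites the local OpenSSL build enables for an SSLCipherSuite-style string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]

# Constructed sample list; the poster's actual SSLCipherSuite value is not on the page.
SAMPLE = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES256-SHA384",      # AES in CBC mode
    "DHE-RSA-CAMELLIA256-SHA",      # Camellia in CBC mode
    "AES256-GCM-SHA384",            # static RSA key exchange
]

if __name__ == "__main__":
    for suite, problems in audit(SAMPLE).items():
        print(f"{suite}: {', '.join(problems)}")
```

Feeding the output of `expand()` into `audit()` shows what a given cipher string really enables on the host's OpenSSL, which is where hand-written strings tend to go wrong.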
