[Ach] MAAWG recommendation

Maciej Soltysiak maciej at soltysiak.com
Thu Feb 4 11:41:58 CET 2016


If you use the recommendation for nginx and configure the ciphers to
AES256+EECDH:AES256+EDH with HTTP2 enabled your Chrome users will get:

There's an issue thread here which is closed with WontFix:

You could add ECDHE-RSA-AES128-GCM-SHA256 to your cipherlist to satisfy an
HTTP2 MUST requirement:

"To avoid this problem causing TLS handshake failures, deployments of
HTTP/2 that use TLS 1.2 MUST support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[TLS-ECDHE] with the P-256 elliptic curve [FIPS186]."

Best regards,
Maciej Soltysiak

DNSCrypt Poland
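
A local check for the cipher strings discussed in this message, as an added example that is not part of the original post: it uses Python's standard `ssl` module to expand an OpenSSL cipher string and report whether the suite named in the quoted MUST requirement is enabled. The function names are illustrative, and the expansion reflects the OpenSSL build that Python is linked against, which may differ from the one nginx uses.

```python
import ssl

# Cipher string from the message, and the suite from the quoted HTTP/2 MUST
# requirement written in OpenSSL naming.
RECOMMENDED = "AES256+EECDH:AES256+EDH"
HTTP2_MANDATORY = "ECDHE-RSA-AES128-GCM-SHA256"


def expand(cipher_string):
    """Expand an OpenSSL cipher string into the TLS 1.2-and-older suites it enables.

    TLS 1.3 suites are skipped: OpenSSL configures them separately and the
    quoted requirement is about TLS 1.2.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c for c in ctx.get_ciphers() if c.get("protocol") != "TLSv1.3"]


def audit(cipher_string):
    """Report whether the mandatory suite is enabled and which suites lack AEAD."""
    suites = expand(cipher_string)
    names = [c["name"] for c in suites]
    return {
        "suites": names,
        "has_mandatory": HTTP2_MANDATORY in names,
        # Non-AEAD (CBC) suites are the kind RFC 7540 Appendix A lets HTTP/2
        # peers refuse, so they are listed for review.
        "non_aead": [c["name"] for c in suites if not c.get("aead")],
    }


if __name__ == "__main__":
    for label, value in (("recommended", RECOMMENDED),
                         ("with HTTP/2 suite", RECOMMENDED + ":" + HTTP2_MANDATORY)):
        result = audit(value)
        print(f"{label}: {value}")
        print(f"  {len(result['suites'])} TLS 1.2 suites enabled")
        print(f"  {HTTP2_MANDATORY} present: {result['has_mandatory']}")
        print(f"  non-AEAD suites: {', '.join(result['non_aead']) or 'none'}")
```
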

On Wed, Feb 3, 2016 at 8:10 AM, A. Schulze <sca at andreasschulze.de> wrote:

> Hello,
> MAAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group, just
> published a
> Recommendations for Using Forward Secrecy:
> https://www.m3aawg.org/sites/default/files/m3aawg-forward-secrecy-recommendations-2016-01.pdf
> As our company is a MAAWG member I could give feedback to the authors if
> necessary.
> Andreas