[Ach] MAAWG recommendation

Maciej Soltysiak maciej at soltysiak.com
Thu Feb 4 11:41:58 CET 2016


Hi,

If you use the recommendation for nginx and configure the ciphers to
AES256+EECDH:AES256+EDH with HTTP2 enabled your Chrome users will get:
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

There's an issue thread here which is closed with WontFix:
https://code.google.com/p/chromium/issues/detail?id=545757

You could add ECDHE-RSA-AES128-GCM-SHA256 to your cipherlist to satisfy an
HTTP2 MUST requirement:

"To avoid this problem causing TLS handshake failures, deployments of
HTTP/2 that use TLS 1.2 MUST support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[TLS-ECDHE] with the P-256 elliptic curve [FIPS186]."

Best regards,
Maciej Soltysiak

DNSCrypt Poland
https://dnscrypt.pl/


On Wed, Feb 3, 2016 at 8:10 AM, A. Schulze <sca at andreasschulze.de> wrote:

> Hello,
>
> MAAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group, just
> published Recommendations for Using Forward Secrecy:
>
> https://www.m3aawg.org/sites/default/files/m3aawg-forward-secrecy-recommendations-2016-01.pdf
>
> As our company is a MAAWG member I could give feedback to the authors if
> necessary.
>
> Andreas
>
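
A way to check an nginx configuration for the problem described in the message above, as an added example that is not part of the original thread: it expands each `ssl_ciphers` value with the local OpenSSL (through Python's `ssl` module) and reports the values that do not enable ECDHE-RSA-AES128-GCM-SHA256. The two nginx fragments and all function names are constructed for illustration; the check covers only whether the suite is enabled, not which suite a given browser negotiates.

```python
import re
import ssl

# OpenSSL name of the suite the HTTP/2 text quoted in the message requires.
REQUIRED_H2_SUITE = "ECDHE-RSA-AES128-GCM-SHA256"

# Constructed nginx fragments: the cipher list as quoted in the message,
# and the same list with the suite the message suggests adding.
NGINX_AS_RECOMMENDED = """
server {
    listen 443 ssl http2;
    ssl_ciphers 'AES256+EECDH:AES256+EDH';
}
"""
NGINX_WITH_H2_SUITE = """
server {
    listen 443 ssl http2;
    ssl_ciphers 'AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA256';
}
"""

def ssl_ciphers_directives(nginx_conf):
    """Return the value of every ssl_ciphers directive in the config text."""
    pattern = r"^\s*ssl_ciphers\s+['\"]?([^'\";]+)['\"]?\s*;"
    return re.findall(pattern, nginx_conf, flags=re.MULTILINE)

def tls12_suites(cipher_string):
    """Expand an OpenSSL cipher string into the suites it enables
    for TLS 1.2 and below, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from this string; skip them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def missing_h2_suite(nginx_conf):
    """Return the ssl_ciphers values that do not enable the required suite."""
    return [value for value in ssl_ciphers_directives(nginx_conf)
            if REQUIRED_H2_SUITE not in tls12_suites(value)]

if __name__ == "__main__":
    for label, conf in (("as recommended", NGINX_AS_RECOMMENDED),
                        ("with suite added", NGINX_WITH_H2_SUITE)):
        bad = missing_h2_suite(conf)
        print(label, "->", "missing in: %s" % bad if bad else "ok")
```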