oss-sec mailing list archives

Re: openssl default ciphers

From: Reed Loden <reed () reedloden com>
Date: Mon, 4 Nov 2013 12:37:38 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Mozilla opsec guys wrote up some good guidelines recently on what
they consider a good TLS cipher suite choice should be, but even if you
didn't want to go all-out by making the default ultra-secure (with
full PFS, etc.), they explain their choices fairly well, so should be
useful in trying to figure out a middle ground that makes most people
happy.

https://wiki.mozilla.org/Security/Server_Side_TLS

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iKYEARECAGYFAlJ4BZJfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDZCNTZGOUFDMDdCNjg1RDdEQzQ1NjBEQTZC
QTIyMjI2RjNDMzNENUEACgkQa6IiJvPDPVrsJwCeIw5lo0/5JiV1z0fsz+rGigai
0UYAoMRIc5jKSxKRpd2iM54hwyotLPid
=uOgO
-----END PGP SIGNATURE-----

Current thread:

openssl default ciphers Stefan Bühler (Nov 04)
- Re: openssl default ciphers Daniel Kahn Gillmor (Nov 04)
- Re: openssl default ciphers Eric H. Christensen (Nov 04)
- Re: openssl default ciphers Hanno Böck (Nov 04)
  - Re: openssl default ciphers Russ Allbery (Nov 04)
  - Re: openssl default ciphers Stefan Bühler (Nov 04)
    - Re: openssl default ciphers Mike (Nov 04)
    - Re: openssl default ciphers Eric H. Christensen (Nov 04)
    - Re: openssl default ciphers leToff (Nov 04)
    - Re: openssl default ciphers Stefan Bühler (Nov 05)
- Re: openssl default ciphers Reed Loden (Nov 04)
  - Re: openssl default ciphers Florian Weimer (Nov 05)