tech-security archive


Re: Disable SSLv3 and set cipher list for bozohttpd



On Wed, Dec 09, 2015 at 08:33:35PM -0500, tr%vispaul.me@localhost wrote:
> 
> >On 2015-12-08 21:58, christos%astron.com@localhost wrote:
> >>Why not supply the ! list (the ones you want to remove)... It is shorter
> >>and easier to understand and maintain...
> 
> I agree, much simpler!

I don't.  Opinions may differ, but I am not a fan of this particular kind
of "algorithm agility".

Pick a small set of ciphersuites, chosen for backwards compatibility with peers
that do only the minimum the standards mandate as a first criterion, and
the consensus of experts about the best current and future alternatives,
and forget the rest.  Often all they can buy you is confusion and trouble.

I would like to see, at most, four ciphersuites supported by default.

Thor
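
The two approaches discussed in this thread can be compared on a given host with the sketch below. It is an added example, not part of the original message and not bozohttpd code; it uses Python's `ssl` module only to ask the local OpenSSL what each cipher string expands to. Both cipher strings and the four-suite list are constructed for illustration.

```python
import ssl

# Constructed policies for illustration; neither is bozohttpd's actual setting.
EXCLUDE_STYLE = "DEFAULT:!aNULL:!eNULL:!RC4:!3DES:!MD5"
APPROVED = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
]
ALLOW_STYLE = ":".join(APPROVED)


def effective_suites(cipher_string):
    """Return the TLS <= 1.2 suites the local OpenSSL enables for this string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured through a separate OpenSSL interface and
    # are listed regardless of this string, so leave them out of the comparison.
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if c["protocol"] != "TLSv1.3")


def outside_policy(cipher_string, approved=APPROVED):
    """Suites enabled by cipher_string that nobody explicitly approved."""
    return [s for s in effective_suites(cipher_string) if s not in approved]


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for label, policy in (("exclude", EXCLUDE_STYLE), ("allow", ALLOW_STYLE)):
        suites = effective_suites(policy)
        extra = outside_policy(policy)
        print(f"{label:8} enables {len(suites):3} suites, "
              f"{len(extra):3} outside the approved four")
```

The exclusion-style result depends on what the installed library puts in `DEFAULT`, so it can change across OpenSSL versions; the explicit list expands to the same four names wherever those suites are compiled in.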

