Re: Disable SSLv3 and set cipher list for bozohttpd

To: tech-security%netbsd.org@localhost
Subject: Re: Disable SSLv3 and set cipher list for bozohttpd
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Tue, 8 Dec 2015 23:23:20 +0100

On Mon, Dec 07, 2015 at 10:07:12PM -0500, tr%vispaul.me@localhost wrote:
> I chose an intermediate compatibility cipher list as suggested by
> Mozilla[2] and included it below. I'm sure that the patch below
> needs some work (if its even usable as-is) but my main intention
> was to start a discussion and find the best way to implement the
> change if it makes sense.

I have some serious concerns about the cipher order. AES-GCM should only
be used as default choice if there is hardware acceleration for it.
The resistence against timing attacks is very questionable otherwise.

Joerg

References:
- Disable SSLv3 and set cipher list for bozohttpd
  - From: tr

Prev by Date: Re: Disable SSLv3 and set cipher list for bozohttpd
Next by Date: Re: Disable SSLv3 and set cipher list for bozohttpd
Previous by Thread: Re: Disable SSLv3 and set cipher list for bozohttpd
Indexes:

Home | Main Index | Thread Index | Old Index