tech-security archive


Re: httpd vs TLS



On Thu, Mar 17, 2016 at 12:07:37PM +0100, Joerg Sonnenberger wrote:
> On Thu, Mar 17, 2016 at 09:51:23AM +0000, Mateusz Kocielski wrote:
> > I believe that the problem is that we deny TLSv1
> 
> TLS 1.0 to be precise. IIRC there are some concerns about TLS 1.0, but
> the browser support is a bit on the weak side for slightly outdated
> versions (e.g. Firefox ESR 24 doesn't enable v1.1 or v1.2). I find it
> more useful to enable it.

There are vulnerabilities with fancy names like CRIME etc., but they can be
mitigated using additional configuration, so I'll enable TLS 1.0 soon.

Would be nice if we can add knobs for users to configure SSL stuff as they
want to (without forcing them to recompile anything).

 Mateusz

