How do I checks what ciphers are available to the https compiled binary, and how do I check with of those are active in the configuration? Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used on a server with a self-signed cert (there's no e-commerce or any financial data of any sort on the server). If an existing server wants to switch so that all traffic is encrypted using DH if possible (interested in implementing Perfect Forward Secrecy) are there any "Gotcha's" lurking in the bushes? If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH? To be accessible for most people (including some Windows XP users), what else do I need to enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES? Which ones do I need to avoid? -- It's like looking for the farmer's daughter in a haystack, and finding the needle. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|