Re: SSL cipher suites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Thanks. Are these ciphers pfs friendly?

Thanks.
Dave.


On 2/18/18, Michael A. Peters <mpeters@xxxxxxxxxxxxxx> wrote:
> On 02/18/2018 09:00 AM, David Mehler wrote:
>> Hello,
>>
>> I'm looking for recommendations. I'm running apache 2.4 and Openssl
>> 1.0.2n. I'm looking for the strongest certificates that support
>> TLSV1.2 and PFS.
>>
>> Recommendations/pro/conns welcome.
>>
>> Thanks.
>> Dave.
>>
>
> For sites that don't need Tumblr to be able to scrape the OpenGraph data
> (Tumblr seems to use a buggy version of libcurl that doesn't tolerate
> ECDSA certs) I use the following:
>
> SSLCipherSuite "EECDH+CHACHA20 EECDH+AES256 -SHA"
>
> For sites that I need to be social media friendly, I use RSA cert with
> the following:
>
> SSLCipherSuite "EECDH+CHACHA20 EECDH+AESGCM EECDH+AES+SHA384
> EECDH+AES+SHA256 EECDH+AES EDH+AES256 !EDH+AESGCM !EDH+SHA256
>
> Example of how SSL Labs sees ECDSA config:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=librelamp.com&latest
>
> Note that the "Android" browser in some versions of Android can't
> connect, that's because I use LibreSSL which no longer ships the
> deprecated preview version of ChaCha20 and Google, being one of the
> richest companies in the world, can't afford to update those versions of
> Android to use the stable ChaCha20 cipher suite.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux