Am 26.08.2013 11:07, schrieb Florian Weimer: > On 08/24/2013 11:38 AM, Reindl Harald wrote: >> https://bugzilla.redhat.com/show_bug.cgi?id=319901 >> >> looks like Redhat based systems are the only remaining >> which does not support EECDHE which is a shame these >> days in context of PRISM and more and more Ciphers >> are going to be unuseable (BEAST/CRIME weakness) > > Current Fedora supports perfect forward secrecy just fine it does *not* yes it does in theory > It's just that web server operators routinely refuse to offer it. cause and effect because Fedora does *not* support Ciphers without large performance impacts in reality without ECDHE you have no way go to https://www.ssllabs.com/ssltest/ and look at the client-handshakes practically no client is using PFS without ECDHE that's the truth if it comes to PFS and Redhat/Fedora http://www.internetstaff.com/roller/blog/entry/enable_elliptical_curve_diffie_hellman http://www.theverge.com/2013/6/26/4468050/facebook-follows-google-with-tough-encryption-standard
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
