SSL ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

Now that I got SSL running properly I wanted to fiddle a bit with it, namely its cipher-list and there's something that if not good IMHO.

SSLv2 is obsolete and dangerous but SSLv3 is also largely deprecated, even the first versions of TLS are deprecated.

A strict minimum for a cipher-list should be :

HIGH:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1:!3DES:!RC4:!aNULL:!ADH

"MEDIUM" is also acceptable but ciphers should start at least at TLSv1.2!

The problem with Gluster setting is that's impossible to go above

HIGH:!SSLv2:!3DES:!RC4:!aNULL:!ADH

Which is bad.. Gluster uses SSL only and not TLS :-( An upgrade should be considered.

--
Unix _IS_ user friendly, it's just selective about who its friends are.
_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-users
[Index of Archives]     [Gluster Development]     [Linux Filesytems Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux