Have you submitted a bug report for Apache (not honouring server config cipher order) if one doesn't exist?
As for resistant to quantum computers, given the current aim is for systems that can calculate things that would currently take the age of the universe to calculate, resistance is futile ;)
alan
On 18 Dec 2017 4:47 pm, "Colony.three via openssl-users" <openssl-users@xxxxxxxxxxx> wrote:
- FF claims it does DHE/EDH, but it does not actually, in practice. It does either EC, or RSA. I've tested it. (v52) This does not look like an accident.
Have you find a server that does DHE/EDH, and only that, that FF cannot connect to?
I've set mine to test this comprehensively. (Apache and NginX) With Apache Firefox -ignores- server-prescribed ciphers and chooses an EC. NginX does properly prevail with the algo. Was this an accident, Apache?And Firefox simply can not make a connexion when the only choices are the DHE/EDH algos -- which they say they can do here.
- "Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."
I missed that, thanks. And for non-NSA curves that aren’t influenced?
As with Schnier, I don't trust any EC. It's a shame. I am looking forward to independent lattice. (Not that Mozilla, will implement it) For now I'm set to DHE/EDH (fruitlessly) and RSA (AES). RSA is cracked by a very few, but this is the decision I've made.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
