Hi,
Now that I got SSL running properly I wanted to fiddle a bit with it,
namely its cipher-list and there's something that if not good IMHO.
SSLv2 is obsolete and dangerous but SSLv3 is also largely deprecated, even
the first versions of TLS are deprecated.
A strict minimum for a cipher-list should be :
HIGH:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1:!3DES:!RC4:!aNULL:!ADH
"MEDIUM" is also acceptable but ciphers should start at least at
TLSv1.2!
The problem with Gluster setting is that's impossible to go above
HIGH:!SSLv2:!3DES:!RC4:!aNULL:!ADH
Which is bad.. Gluster uses SSL only and not TLS :-( An upgrade should be
considered.
--
Unix _IS_ user friendly, it's just selective about who its friends are.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.gluster.org/pipermail/gluster-users/attachments/20150319/5e6f8dd0/attachment.html>