search for: fnref2

Hi everyone, Prompted by the fact that addressing some of the recent SSL problems actually would benefit from also changing things on how openSSL is used (not just updating the library), I started looking into some improvements. The tracking ticket is: https://trac.xiph.org/ticket/2070 To sum it up: - hard disable SSLv3 - hard disable compression - new default cipher list - enable forward

...le compression Landed ready to be released in 2.4.1. > - new default cipher list Went with https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 in the end. Previously planned using this: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/#fnref2 Testing against Qualys gives me identical results for both. We might upgrade to the "Modern" Mozilla string in the future, but as of now that completely breaks our HTTPS functionality. I suspect, because we don't properly support all elliptic curve ciphers yet, which is on our to do...