Displaying 3 results from an estimated 3 matches for "intermediate_compatibility_".
2014 Nov 02
2
Proposed openSSL usage improvements
Hi everyone,
Prompted by the fact that addressing some of the recent SSL problems
actually would benefit from also changing things on how openSSL is used
(not just updating the library), I started looking into some improvements.
The tracking ticket is:
https://trac.xiph.org/ticket/2070
To sum it up:
- hard disable SSLv3
- hard disable compression
- new default cipher list
- enable forward
2014 Nov 09
0
Proposed openSSL usage improvements
...vements.
>
> The tracking ticket is:
> https://trac.xiph.org/ticket/2070
>
> To sum it up:
> - hard disable SSLv3
> - hard disable compression
Landed ready to be released in 2.4.1.
> - new default cipher list
Went with
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
in the end.
Previously planned using this:
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/#fnref2
Testing against Qualys gives me identical results for both.
We might upgrade to the "Modern" Mozilla string in the future, but as of
now that completely break...
2017 Jan 17
3
Correct settings for ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file
# SSL protocols to use
ssl_protocols = !SSLv2
# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
I have seen different configurations while Googling. I am wondering
what the consensus is for the best settings for these two items. What
do the developers recommend?
Thanks!
--
Jerry