Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Peter Schwindt
Hi Mike, On 07/10/2015 01:11 PM, Mike Barnes wrote: Do you have any details on which client software and versions you've tested, Mathias? I've been looking at doing this but I've been more concerned about the client experience than s2s issues. At jabber.ccc.de, I had (forcing Forward Secrecy

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Eric Koldeweij
Yes, my server would be one of those who cannot reach jabber.ccc.de any more. I did not get around to turning it on yet, I need a software upgrade for that. I understand the need for extra security but enforcing it right away without giving fellow operators time to upgrade as well will only

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread David Mohr
I second this a little bit. In my case I need to upgrade from Debian wheezy to jessie to get PFS, so there is more work involved. And I'd expect a decent number of servers to be in the same situation. Jessie came out in April, so it's not brand new. But it is still fairly recent and you can't

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Mathias Ertl
Hi David and all other wheezy users! On 2015-07-27 19:22, David Mohr wrote: In my case I need to upgrade from Debian wheezy to jessie to get PFS, so there is more work involved. And I'd expect a decent number of servers to be in the same situation. Jessie came out in April, so it's not brand

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread A
Had upgraded from Wheezy's ejabberd to Jessie's in a week the latter was released and can say that it was not that hard. Now ejabberd is relatively up-to-date and works great. The configuration format changed to YAML, but ejabberd is shipped with a conversion tool, which converts old config

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Mathias Ertl
On 2015-07-21 00:19, Jonathan Schleifer wrote: So, 4096 bit RSA just gives you an additional 16 bits for your AES, while doubling the number of RSA bits more than doubles the computational overhead… I consider this argument invalid. It's not because just additional 16 bits is wrong. Its

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Jonathan Schleifer
On 27.07.2015 at 20:09, Mathias Ertl m...@fsinf.at wrote: On 2015-07-21 00:19, Jonathan Schleifer wrote: So, 4096 bit RSA just gives you an additional 16 bits for your AES, while doubling the number of RSA bits more than doubles the computational overhead… I consider this argument

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Jonathan Schleifer
On 27.07.2015 at 21:05, Vincent Lauton vi...@darkness.su wrote: Excuse me guys, but my server costs me 12.6$ a month, and it's offshore where powerful hardware gets more expensive. It is not a powerful server. I still manage to enforce PFS with plenty of resources to spare. SSL resources are not that

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Daniel Plominski
Excuse me, but I don't understand your problems, for example my public jabber server ( https://xmpp.net/result.php?domain=jabber.plitc.eutype=client ) runs PFS for a long time and it's just a cheap FreeBSD jail with always the current prosody port ( http://www.freshports.org/net-im/prosody/ )

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Patrick Beisler
Why not allow 2048 for now with the prerequisite that all servers may move to 4096, if we can actually agree on it. Some people may also need to purchase new certs anyways, so at least they have a heads up. But that's just me.. I just had a 2048 last year before renewing and just so happened to do

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Mathias Ertl
Hi, On 2015-07-27 20:58, Jonathan Schleifer wrote: On 27.07.2015 at 20:09, Mathias Ertl m...@fsinf.at wrote: On 2015-07-21 00:19, Jonathan Schleifer wrote: So, 4096 bit RSA just gives you an additional 16 bits for your AES, while doubling the number of RSA bits more than doubles the

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Patrick Beisler
I thought I saw some servers were already discriminating by cert size, mb. On Mon, Jul 27, 2015 at 4:36 PM, Mathias Ertl m...@fsinf.at wrote: I think we have a misunderstanding here: On 2015-07-27 22:28, Patrick Beisler wrote: why not allow 2048 for now with the prerequisite that all server

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Vincent Lauton
My certificate has always been 4096 bit.

Re: [Operators] Please enable Forward Secrecy for your servers!

2015-07-27 Thread Mathias Ertl
I think we have a misunderstanding here: On 2015-07-27 22:28, Patrick Beisler wrote: Why not allow 2048 for now with the prerequisite that all servers may move to 4096, if we can actually agree on it. Some people may also need to purchase new certs anyways, so at least they have a heads up.