Hi! > > Supporting non-ephemeral ciphers is only ever required on certain > > versions of openssl 0.9.8 > > > In other words: you need not provide AES*GCM-SHA2 and AES*SHA2. > I tested on Debian Lenny 6 with OpenSSL 0.9.8o, it has no SHA2 support, > so I decided to still include SHA1. The other way around: you *only* need SHA1 support. All newer implementations are well aware of ECDHE and DHE and thus will choose ephemeral ciphers anyways.
> OK, I can see you feel uncomftable with my decision to sort the Ciphers > only by pushing Back AES256 which leads to old non-PFS-Ciphers between > good ones. This could be easily solved by adding "+kRSA" to push back > the non-PFS RSA-based-Key-Agreement Ciphers. Actually I wouldn't do that too: now you have first ECDHE TLSv1.2-TLSv1.0 and then DHE TLSv1.2-TLSv1.0. I'd very much recommend to prefer TLS1.2 over all TLSv1.0 ciphers, no matter if they are ECDHE or DHE... And yes, choosing a cipher string is hard. ;-) -- Adi
signature.asc
Description: Digital signature
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
