Am Wed, 3 May 2017 16:23:52 +0000 schrieb Lukas Tribus <luky...@hotmail.com>:
> Currently we unconditionally set SSL_OP_CIPHER_SERVER_PREFERENCE [1], > which may not always be a good thing. I fully agree with you. One of my customer use nginx and I have activated the ssl_prefer_server_ciphers. This was not that good just because a lot of the clients wasn't able to connect. Luckily I was able to deactivate this on nginx and it would be nice to have such a option also in the famos product called haproxy ;-) Regards Aleks > The benefit of server side cipher prioritization may not apply to all > cases out there, and it appears that the various SSL libs are going > away from this recommendation ([2], [3]), as insecure ciphers suites > are properly blacklisted/removed and honoring the client's preference > is more likely to improve user experience (for example using > SW-friendly ciphers on devices without HW AES support). > > This is especially true for TLSv1.3, which will restrict the cipher > suites to just AES-GCM and Chacha20/Poly1305. > > Apache [4], nginx [5] and others give admins full flexibility, we > should as well. > > The initial proposal to change the current default and add a > "prefer-server-ciphers" option (as implemented in e566ecb) has been > declined due to the possible security impact. > > This patch implements prefer-client-ciphers without changing the > defaults. > > [1] https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html > [2] https://github.com/openssl/openssl/issues/541 > [3] https://github.com/libressl-portable/portable/issues/66 > [4] > https://httpd.apache.org/docs/2.0/en/mod/mod_ssl.html#sslhonorcipherorder > [5] > https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers > --- v2 patch doesn't change defaults and implements > prefer-client-ciphers instead of "prefer-server-ciphers". [snipp]
