Hi Cyril,

On Wed, Aug 30, 2017 at 06:55:07PM +0200, Lukas Tribus wrote:
> Hello,
>
>
> > Hehe yikes! This was it. It's normal that someone gets lost in all
> > this cipher crap and it should be written in the HAProxy manual as
> > an important step on how to harden security.
>
> It's not a good idea to suggest specific cipher settings in the manual, as
> the situation may change faster than we are able to update it; especially
> considering lack of backports to packages in distro repositories.
>
> Instead I would suggest to take the advice of trusted sources (as opposed
> to random blog posts) like Mozilla:
>
> https://wiki.mozilla.org/Security/Server_Side_TLS
> https://mozilla.github.io/server-side-tls/ssl-config-generator/

I totally agree with you on this, and I think the best solution would be
to put a few such trustable links in the doc so that users directly find
the information from reliable sources.

Willy