On 03/12/2015 01:08 PM, William MARTIN wrote: > Why the major part of ciphers (enabled in polar_ssl.h) are not listed in > server.c ? Due that we can't use thoses ciphers. Most of ciphers listed > on the following link are compiled but we can't use it. Can i do a pull > request to add thoses missing ciphers in the list ? > https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
To quote from your linked page: > For services that don't need backward compatibility, the parameters below provide a higher level of security. This configuration is compatible with Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7. Chrome 22 was released 2012-09-25. Now look at the majority of commits ;) But apart from guessing I can't answer your other questions, I don't see a reason why a modernization of ssl cipher support could be bad. Greetings. Florian
