>Steve, have you considered trimming the DEFAULT cipher list?
>It's currently...
>#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
> I wonder how many of these ciphers are actually ever negotiated in real-world
> use.
I'm forwarding a bit of internal discussion; hope it's useful. This is from
one of our chief info-sec people:
My weak opinion is that cipher brokenness is most important (so put 3DES and
RC4 last, and the AEAD modes ahead of the MAC-then-encrypt modes), followed by
hash strength, followed by PFS presence, followed by SHA and AES bit length. I
think that would give us:
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
AES256-GCM-SHA384
AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
AES256-SHA256
AES128-SHA256
AES128-SHA
RC4-SHA
DES-CBC3-SHA
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
:��I"Ϯ��r�m�����
(����Z+�7�zZ)���1���x���h����W^��^��%�����&jם.+-1�ځ��j:+v�������h�
