[Dspace-tech] Recommended TLS cipher suite for sites using HTTPS

Hey, all. I was just having a look at a few institutional DSpace instances, and noticing that they are using sub-par cryptography. Unless you have a specific need to use SHA1, AES-CBC, RC4, MD5, or non-DHE RSA, you should REALLY be using the TLS cipher suite from this Mozilla guide:

Re: [Dspace-tech] Recommended TLS cipher suite for sites using HTTPS

Hi Alan Any advice here: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections, would be appreciated. Cheers hg *Hilton Gibson* Ubuntu Linux Systems Administrator JS Gericke Library Room 1025C Stellenbosch University Private Bag X5036 Stellenbosch 7599 South Africa Tel:

Re: [Dspace-tech] Recommended TLS cipher suite for sites using HTTPS

On Sat, Sep 13, 2014 at 8:43 PM, Hilton Gibson hilton.gib...@gmail.com wrote: Any advice here: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections, would be appreciated. See the ciphers attribute here: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

Re: [Dspace-tech] Recommended TLS cipher suite for sites using HTTPS

Thx Helix Who is the arbiter safe ciphers? I am not a cipher expert. Cheers hg *Hilton Gibson* Ubuntu Linux Systems Administrator JS Gericke Library Room 1025C Stellenbosch University Private Bag X5036 Stellenbosch 7599 South Africa Tel: +27 21 808 4100 | Cell: +27 84 646 4758 On 13

Re: [Dspace-tech] Recommended TLS cipher suite for sites using HTTPS

On Sat, Sep 13, 2014 at 9:05 PM, Hilton Gibson hilton.gib...@gmail.com wrote: Who is the arbiter safe ciphers? I am not a cipher expert. There's no arbiter. The set changes over time as new vulnerabilities are found in existing ciphers and new ciphers are developed to mitigate those attack