As you may or may not know, SSLHonorCipherOrder is supported since
apache 2.1.
This diff ports this feature to OpenBSD's httpd. Its effects can be
tested @ https://www.ssllabs.com/ssltest/analyze.html?d=example.com by
playing with SSLHonorCipherOrder/SSLCipherSuite directives.
On Mon, Jul 08, 2013 at 05:30:22AM +0200, Jérémie Courrèges-Anglas wrote:
Otto Moerbeek had already done work about this, but no one commented on
the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2
I am sorry I've missed his earlier email.
This diff is adapted from
On Tue, Apr 23, 2013 at 09:08:19AM +0200, Otto Moerbeek wrote:
If there is any interest, I might add the manual stuff, get ok's and
commit it.
I find it useful to have SSLHonorCipherOrder in OpenBSD's apache.
On Mon, Jul 08, 2013 at 07:06:43AM +0200, Otto Moerbeek wrote:
I think you missed the renegotiate case. Anyway, I posted almost the
same diff some time ago.
You're right -- renegotiate case was missed. Your patch from April looks
fine to me. It would be beneficial to have it committed.
Thanks
On Mon, May 20, 2013 at 08:24:06PM +0100, Stuart Henderson wrote:
If you make it a couple of paragraphs past the table, there is this
paragraph, which is rather clear:
Using AES-GMAC or NULL with ESP will only provide authentication. This
is useful in setups where AH can not be
On Sat, May 18, 2013 at 04:30:43AM +0200, Reyk Floeter wrote:
You're mixing up GCM and GMAC. You have to update your config to use
aes-256-gcm instead of aes-256-gmac! The GMAC is actually only the
authentication part and it is not encrypting the payload. You can
see it as childsa enc null
Before I proceed, I realize that iked is not yet finished and is missing
some important security features. I am just pointing out something that
may not be known, and perhaps should be addressed.
I have a very simple instance of 2 qemu machines, running same snapshot
of 5.3-current:
OpenBSD
Re-create a seed file on a first boot too -- better than not having any
seed at all.
Index: etc/rc
===
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.400
diff -u etc/rc
--- etc/rc 6 Apr 2012 15:11:30 - 1.400
+++
On Thu, Dec 08, 2011 at 07:34:16PM +0100, Mike Belopuhov wrote:
patches for portable openssh should go to the portable openssh mailing lists:
http://mindrot.org/portable-openssh.html
(you can't apply them to openbsd source tree)
and you should probably use unified diffs (diff -up).
Here is
Please review the diff.
Thanks
Index: usr.bin/ssh/authfd.c
===
RCS file: /cvs/src/usr.bin/ssh/authfd.c,v
retrieving revision 1.84
diff -p -u -r1.84 authfd.c
--- usr.bin/ssh/authfd.c31 Aug 2010 11:54:45 - 1.84
+++