Hi all, For those running HKPS-enabled servers in the pool, what protocols and ciphersuites do you use?
I'd hope that it'd be safe these days to disable SSLv2. How about SSLv3? RC4? I'd like to provide a reasonable fallback to older clients that don't support modern ciphers, but without jeopardizing the security of modern clients that do. It appears gnupg-curl on Debian systems supports DHE-RSA-AES256-SHA256 and TLS 1.2. A random HKPS query to my server used TLSv1.2 and ECDHE-RSA-AES256-GCM-SHA384, which is promising. Any recommendations? Cheers! -Pete
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel