On 4 August 2010 23:05, Kees Cook <k...@ubuntu.com> wrote: > Hi Jim, > > On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote: >> Why not kill the weak ciphers too? > > Sure! Can you send a patch for this?
If this is done, please reenable the 'none' cypher, so we can get decent performance on slow/small systems where security isn't important (eg on a trusted LAN). I believe Debian disabled this previously, so I was using arcfour128, which is a 'weak' cipher. I agree to removing weak ciphers and SSLv2 to ensure people don't get a false sense of security, or use broken protocols. Thanks, Daniel > Thanks! > > -Kees > >> >> On Mon, Jul 19, 2010 at 6:09 PM, Eric Peters <e...@linuxsystems.net> wrote: >> >> > Like Scott said make it die! But I guarantee it's going to break something, >> > what that something is the question. >> > >> > Cheers, >> > Eric >> > >> > >> > On Mon, Jul 19, 2010 at 3:06 PM, Kees Cook <k...@ubuntu.com> wrote: >> > >> >> Hi Laurent, >> >> >> >> On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote: >> >> > Le Mon, 19 Jul 2010 14:12:15 -0700, >> >> > Kees Cook <k...@ubuntu.com> a écrit : >> >> > >> >> > > Thoughts? >> >> > >> >> > Shouldn't this be coordinated with Debian? >> >> >> >> Yes, if there isn't strong objection in Ubuntu, my next step would be to >> >> propose it to Debian as well. >> >> >> >> -Kees -- Daniel J Blueman -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam