>> Unbound 1.9.0rc1 pre-release is available > > Hello, > > some points I noticed while diffing against 1.8.3: > * doc/example.conf.in > tls-chiphers and tls-ciphersuites suggest ciphersuites in an uncommon > order > tls-chiphers prefer DHE over ECDHE while DHE is slower > tls-ciphersuites prefer CCM over GCM and Chacha > > -> without deeper knowledge I feel, this list is not a good suggestion.
thanks for bringing this up, I just wanted to add this list of recommended ciphers from RFC7525 [1] (even though this RFC is from before TLS 1.3 was published) o TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 o TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 o TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 o TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [1] https://tools.ietf.org/html/rfc7525#section-4.2 -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
signature.asc
Description: OpenPGP digital signature
