[Sks-devel] HKPS SSL Ciphers


From: Stephan Seitz
Subject: [Sks-devel] HKPS SSL Ciphers
Date: Tue, 11 Feb 2014 14:16:21 +0100

Hi guys,

since I've recently checked (and understood :) ) the difference of SSL
ciphers, I've built up a cipher list which is currently used on
keyserver.secretresearchfacility.com (part of the hkps pool).

The following syntax is for Apache, but can easily be changed for
lighttpd or nginx.

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256:SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'


The Apache 2.2 versions shipped with CentOS 6, Debian 7 and Ubuntu 12.04 LTS
are too old.
If you want to get the most out of EC, use a very recent Apache 2.2 or
move over to 2.4.
Nginx and lighttpd don't have that limitation on EC cipher usage.


Cheers,

Stephan

Attachment: signature.asc
Description: This is a digitally signed message part
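
Added example, not part of the original message: a Python script that expands the cipher string above with the local OpenSSL, then reports any suite the "!" terms should have excluded and any suite whose key exchange is not DHE or ECDHE. The function names (expand, audit) and the token sets are assumptions of this example, and the result depends on the OpenSSL build that Python is linked against.

```python
import ssl

# Cipher string from the message above, joined into one line.
CIPHER_STRING = (
    "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:"
    "EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:"
    "+SSLv3:!aNULL:!eNULL:!LOW:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:"
    "CAMELLIA256:SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
)

# Assumption of this example: OpenSSL suite names are split on "-" and
# matched against tokens for what the "!" terms are meant to keep out.
BANNED_TOKENS = {"RC4", "MD5", "SEED", "NULL", "PSK", "DSS", "ECDSA",
                 "ADH", "AECDH", "EXP"}
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}


def expand(cipher_string):
    """Return the suite names the local OpenSSL enables, in preference order.

    TLS 1.3 suites are dropped because the cipher list does not control them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(names):
    """Sort suite names into excluded-but-present and non-DHE/ECDHE lists."""
    banned, not_ephemeral = [], []
    for name in names:
        tokens = name.split("-")
        if BANNED_TOKENS & set(tokens):
            banned.append(name)
        if tokens[0] not in EPHEMERAL_KX:
            not_ephemeral.append(name)
    return {"banned": banned, "not_dhe_or_ecdhe": not_ephemeral}


if __name__ == "__main__":
    enabled = expand(CIPHER_STRING)
    report = audit(enabled)
    print("enabled, in server preference order:")
    for suite in enabled:
        print("  " + suite)
    print("should have been excluded:", report["banned"] or "none")
    print("key exchange not DHE/ECDHE:", report["not_dhe_or_ecdhe"] or "none")
```

Run it on the keyserver host itself, so the expansion reflects the OpenSSL library the web server will actually use.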


reply via email to

[Prev in Thread] Current Thread [Next in Thread]