[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sks-devel] Recommended HKPS protocols & ciphersuites?

From: Pete Stephenson
Subject: [Sks-devel] Recommended HKPS protocols & ciphersuites?
Date: Sun, 03 Aug 2014 21:29:49 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

Hi all,

For those running HKPS-enabled servers in the pool, what protocols and
ciphersuites do you use?

I'd hope that it'd be safe these days to disable SSLv2. How about SSLv3?

I'd like to provide a reasonable fallback to older clients that don't
support modern ciphers, but without jeopardizing the security of modern
clients that do.

It appears gnupg-curl on Debian systems supports DHE-RSA-AES256-SHA256
and TLS 1.2. A random HKPS query to my server used TLSv1.2 and
ECDHE-RSA-AES256-GCM-SHA384, which is promising.

Any recommendations?


Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]