6
edits
Talk:Security/Server Side TLS: Difference between revisions
Jump to navigation
Jump to search
Talk:Security/Server Side TLS (view source)
Revision as of 11:57, 29 November 2013
, 29 November 2013→Prioritzation logic and ciphersuite recomendation: new section
No edit summary |
(→Prioritzation logic and ciphersuite recomendation: new section) |
||
| Line 12: | Line 12: | ||
This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here. | This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here. | ||
== Prioritzation logic and ciphersuite recomendation == | |||
The Prioritization logic says to prioritize 128 bit AES over 256 bit, but recommended ciphersuite has DHE-RSA-AES256* prioritized over DHE-RSA-AES128*. Breaking rule #3. Lots of non-forward-secret ciphers are prioritized over DHE-RSA-AES128*, breaking rule #2. | |||
I think the recommended ciphersuite should be fixed to reflect the rules in the priorization logic. | |||