Talk:Security/Server Side TLS: Difference between revisions

Jump to navigation Jump to search

Talk:Security/Server Side TLS (view source)

Revision as of 11:58, 29 November 2013

1 byte added ,  29 November 2013
→‎Prioritzation logic and ciphersuite recomendation
Line 13: Line 13:
This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here.
This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here.


== Prioritzation logic and ciphersuite recomendation ==
== Prioritzation logic and ciphersuite recommendation ==


The  Prioritization logic says to prioritize 128 bit AES over 256 bit, but recommended ciphersuite has DHE-RSA-AES256* prioritized over DHE-RSA-AES128*. Breaking rule #3. Lots of non-forward-secret ciphers are prioritized over DHE-RSA-AES128*, breaking rule #2.
The  Prioritization logic says to prioritize 128 bit AES over 256 bit, but recommended ciphersuite has DHE-RSA-AES256* prioritized over DHE-RSA-AES128*. Breaking rule #3. Lots of non-forward-secret ciphers are prioritized over DHE-RSA-AES128*, breaking rule #2.


I think the recommended ciphersuite should be fixed to reflect the rules in the priorization logic.
I think the recommended ciphersuite should be fixed to reflect the rules in the priorization logic.
Janfrode
6

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/777156"

Navigation menu