Talk:Security/Server Side TLS: Difference between revisions
(→RC4) |
No edit summary |
||
| Line 8: | Line 8: | ||
RC4-based ciphers '''ought to be completely removed''' from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls' | RC4-based ciphers '''ought to be completely removed''' from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls' | ||
== DSS / DSA == | |||
Since DSA keys are limited to 1024 bit, and 1024 aren't considered safe anymore, and I see no compatibility issues on the server side to keep them, I suggest we remove all DSS/DSA ciphers from the list for servers. | |||
== Page protection == | == Page protection == | ||
This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here. | This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here. | ||
Revision as of 12:14, 1 November 2013
Sources: https://jve.linuxwall.info/blog/index.php?post/2013/10/12/A-grade-SSL/TLS-with-Nginx-and-StartSSL https://www.insecure.ws/2013/10/11/ssltls-configuration-for-apache-mod_ssl/
RC4
Full discussion: https://bugzilla.mozilla.org/show_bug.cgi?id=927045
RC4-based ciphers ought to be completely removed from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls'
DSS / DSA
Since DSA keys are limited to 1024 bit, and 1024 aren't considered safe anymore, and I see no compatibility issues on the server side to keep them, I suggest we remove all DSS/DSA ciphers from the list for servers.
Page protection
This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here.