W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

h2 ciphers

From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Fri, 16 Oct 2015 12:35:51 +0200
Message-Id: <47048ED2-374F-4542-A4DC-C1F39AD26C0A@greenbytes.de>
To: HTTP Working Group <ietf-http-wg@w3.org>
In the documentation at https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility the "modern" compatibility specification includes the following ciphers:

ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA256

ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA384

DHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA
DHE-DSS-AES128-SHA256

but RFC 7540 includes TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ECDHE-RSA-AES128-SHA) and all those others as a MAY for INADEQUATE_SECURITY.

Now, assuming I got the cipher names correct, what am I to check for? Shall I be liberal in what I accept - again?

//Stefan
Received on Friday, 16 October 2015 10:36:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:39 UTC