- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Fri, 16 Oct 2015 12:35:51 +0200
- To: HTTP Working Group <ietf-http-wg@w3.org>
In the documentation at https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility the "modern" compatibility specification includes the following ciphers: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES256-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA DHE-DSS-AES128-SHA256 but RFC 7540 includes TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ECDHE-RSA-AES128-SHA) and all those others as a MAY for INADEQUATE_SECURITY. Now, assuming I got the cipher names correct, what am I to check for? Shall I be liberal in what I accept - again? //Stefan
Received on Friday, 16 October 2015 10:36:18 UTC