❦ 27 February 2015 11:37 +0100, Vincent Bernat <bernat@debian.org>:
> Currently, the configuration file shipped with haproxy comes with a
> cipher list where RC4 is allowed:
>
> kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
>
> Since RC4 is almost broken, it seems a good idea to remove it. To keep
> compatibility with older browsers, other ciphers need to be introduced
> (3DES). There are many recommended cipher strings in the wild:
>
> https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
> https://wiki.mozilla.org/Security/Server_Side_TLS
> https://github.com/cloudflare/sslconfig/blob/master/conf
>
> We picked the first one. See the attached debdiff.
>
> Would such a change be accepted for Jessie? Not uploaded yet.
Hello?
--
Watch out for off-by-one errors.
- The Elements of Programming Style (Kernighan & Plauger)