❦ 27 February 2015 11:37 +0100, Vincent Bernat <bernat@debian.org>:

> Currently, the configuration file shipped with haproxy comes with a
> cipher list where RC4 is allowed:
>
>  kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
>
> Since RC4 is almost broken, it seems a good idea to remove it. To keep
> compatibility with older browsers, other ciphers need to be introduced
> (3DES). There are many recommended cipher strings in the wild:
>
>  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
>  https://wiki.mozilla.org/Security/Server_Side_TLS
>  https://github.com/cloudflare/sslconfig/blob/master/conf
>
> We picked the first one. See the attached debdiff.
>
> Would such a change be accepted for Jessie?

Not uploaded yet. Hello?
-- 
Watch out for off-by-one errors.
            - The Elements of Programming Style (Kernighan & Plauger)
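
An added example, not part of the original message or of the haproxy package: a heuristic check that flags haproxy cipher directives whose OpenSSL cipher string still adds RC4 suites, run over a constructed config fragment that uses the cipher list quoted above. The function names and the sample config are assumptions; the check does not expand aliases whose contents depend on the OpenSSL build, nor component exclusions such as !MD5, so `openssl ciphers -v` on the target host remains authoritative.

```python
import re

# Constructed sample: a haproxy.cfg fragment. Line 2 carries the cipher list
# quoted in the message; the bind line and certificate path are made up.
SAMPLE_CFG = """\
global
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

frontend www
    bind :443 ssl crt /etc/ssl/private/example.pem ciphers HIGH:!aNULL:!RC4
"""

# haproxy keywords that take an OpenSSL cipher string as their next word.
CIPHER_KEYWORDS = ("ssl-default-bind-ciphers", "ssl-default-server-ciphers", "ciphers")


def rc4_tokens(cipher_string):
    """Return the tokens that add RC4 suites (hypothetical helper, heuristic)."""
    tokens = [t for t in re.split(r"[:, ]+", cipher_string.strip()) if t]
    # '!' removes suites permanently, wherever it appears in the string.
    killed = {t[1:].upper() for t in tokens if t.startswith("!")}
    if "RC4" in killed:
        return []
    added = []
    for tok in tokens:
        op, name = (tok[0], tok[1:]) if tok[0] in "!-+" else ("", tok)
        if op == "-":
            # '-' removes suites added so far; later tokens may add them again.
            added = [a for a in added if name.upper() not in ("RC4", a.upper())]
        elif op == "" and "RC4" in name.upper() and name.upper() not in killed:
            # Only unprefixed tokens add suites; '+' merely reorders.
            added.append(name)
    return added


def scan_haproxy(cfg_text):
    """Return (line number, keyword, offending tokens) for each RC4 finding."""
    findings = []
    for lineno, line in enumerate(cfg_text.splitlines(), 1):
        words = line.split("#", 1)[0].split()  # drop trailing comments
        for i, word in enumerate(words[:-1]):
            if word in CIPHER_KEYWORDS:
                hits = rc4_tokens(words[i + 1])
                if hits:
                    findings.append((lineno, word, hits))
    return findings


if __name__ == "__main__":
    for lineno, keyword, hits in scan_haproxy(SAMPLE_CFG):
        print(f"line {lineno}: {keyword} still adds {', '.join(hits)}")
```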