17 Mar
2015
17 Mar
'15
7:42 p.m.
Hi Am 17.03.2015 um 19:18 schrieb Jeremy Cole:
But the whole encryption_algorithm stuff seems not well thought out in any case
there was a recent thread on the orcle list today it's sad that ECHDE / AES-GCM / SHA256 are not working at all currently only DHE-RSA-AES128-SHA / DHE-RSA-AES256-SHA are working with forward secrecy at all while CBC instead GCM should be avoided beause security as well as performance on modern CPU's ssl-cipher = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:RSA-AES256-SHA