Talk:Security/Server Side TLS: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 8: Line 8:


RC4-based ciphers '''ought to be completely removed''' from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls'
RC4-based ciphers '''ought to be completely removed''' from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls'
== DSS / DSA ==
Since DSA keys are limited to 1024 bit, and 1024 aren't considered safe anymore, and I see no compatibility issues on the server side to keep them, I suggest we remove all DSS/DSA ciphers from the list for servers.


== Page protection ==
== Page protection ==


This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here.
This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here.

Revision as of 12:28, 1 November 2013

Sources: https://jve.linuxwall.info/blog/index.php?post/2013/10/12/A-grade-SSL/TLS-with-Nginx-and-StartSSL https://www.insecure.ws/2013/10/11/ssltls-configuration-for-apache-mod_ssl/

RC4

Full discussion: https://bugzilla.mozilla.org/show_bug.cgi?id=927045

RC4-based ciphers ought to be completely removed from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls'

Page protection

This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here.

Retrieved from "https://wiki.mozilla.org/index.php?title=Talk:Security/Server_Side_TLS&oldid=747412"