Talk:Security/Server Side TLS

From MozillaWiki
Revision as of 12:14, 1 November 2013 by Kroeckx (talk | contribs)
Jump to navigation Jump to search

Sources: https://jve.linuxwall.info/blog/index.php?post/2013/10/12/A-grade-SSL/TLS-with-Nginx-and-StartSSL https://www.insecure.ws/2013/10/11/ssltls-configuration-for-apache-mod_ssl/

RC4

Full discussion: https://bugzilla.mozilla.org/show_bug.cgi?id=927045

RC4-based ciphers ought to be completely removed from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls'

DSS / DSA

Since DSA keys are limited to 1024 bit, and 1024 aren't considered safe anymore, and I see no compatibility issues on the server side to keep them, I suggest we remove all DSS/DSA ciphers from the list for servers.

Page protection

This wiki page is protected against changes. Changes must be discussed in this section beforehand. If you have any comments, please leave them here.

Retrieved from "https://wiki.mozilla.org/index.php?title=Talk:Security/Server_Side_TLS&oldid=747407"