Talk:Security/Server Side TLS: Difference between revisions

SSL v3 support question
Line 85:
==== 3. DHE keysize ====
On DHE, it is important to note that, right now, all TLS servers that need backward compatibility are limited to 1024-bit DHE keys. Java 6, for example, doesn't support DHE keys higher than 1024 bits. The question is between trusting a single RSA key that's 2048 bits, or accepting reducing the security to 1024 bits, but using different keys for each session. We chose the latter, and use 1024-bit DHE keys.
=== SSL v3 ===
SSL Labs recommends not supporting SSL v3 unless there's a very good reason.
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf
All the recommended configurations here support SSL v3. Is there a reason for that?