Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
→Zeus (Riverbed Stingray)
Gdestuynder (talk | contribs) (→Citrix Netscaler: fixed the apache section, added dh param note) |
|||
| Line 193: | Line 193: | ||
Zeus lacks support for TLS1.2, Elliptic Curves, AES-GCM and OCSP Stapling. | Zeus lacks support for TLS1.2, Elliptic Curves, AES-GCM and OCSP Stapling. | ||
The recommended prioritization is | The recommended prioritization is: | ||
# DHE-RSA-AES128-SHA | # DHE-RSA-AES128-SHA | ||
# DHE-RSA-AES256-SHA | # DHE-RSA-AES256-SHA | ||
| Line 201: | Line 201: | ||
# DES-CBC3-SHA | # DES-CBC3-SHA | ||
# EDH-RSA-DES-CBC3-SHA | # EDH-RSA-DES-CBC3-SHA | ||
While the recommended DH prime size is 2048, problems with client libraries, such as Java 6, make this impossible to deploy for now. Therefore, a DH prime of 1024 bits should be used until all clients are compatible with larger primes. | |||
Zeus uses RSA BSAFE crypto library. | Zeus uses RSA BSAFE crypto library. | ||