[guardian-dev] Improving enabled TLS Cipher Suites

coderman coderman at gmail.com
Fri Nov 15 20:55:04 EST 2013


On Wed, Sep 11, 2013 at 3:13 PM, coderman <coderman at gmail.com> wrote:
> of all the suites, these look good (assuming 2k RSA keys)


Google has a nice post summarizing the current minefield of cipher suites:
  http://googleonlinesecurity.blogspot.com/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html

good luck negotiating TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
any time soon ;)


note that the CBC suites could be OK, as long as they're not used insecurely.


best regards,


More information about the Guardian-dev mailing list