Hello, My browser is configured to only allow connections to Web sites that use AEAD cipher suites. However, https://www.mail-archive.com/ only supports the weaker CBC cipher suites. (This also results in https://ssllabs.com/ giving our site a low grade.) Would it be possible to reconfigure our TLS to add support for any AEAD ciphers? Any of the following would suffice:
* TLS_AES_256_GCM_SHA384 (TLS 1.3) * TLS_CHACHA20_POLY1305_SHA256 (TLS 1.3) * TLS_AES_128_GCM_SHA256 (TLS 1.3) * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384/ECDHE-ECDSA-AES256-GCM-SHA384 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/ECDHE-RSA-AES256-GCM-SHA384 * TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256/ECDHE-ECDSA-CHACHA20-POLY1305 * TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256/ECDHE-RSA-CHACHA20-POLY1305 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256/ECDHE-ECDSA-AES128-GCM-SHA256 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256/ECDHE-RSA-AES128-GCM-SHA256 With the site's current configuration, I expect that the easiest to enable would be TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/ECDHE-RSA-AES256-GCM-SHA384 or TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256/ECDHE-RSA-AES128-GCM-SHA256. Thanks, Joseph C. Sible _______________________________________________ Gossip mailing list https://www.mail-archive.com/gossip@mail-archive.com https://www.mail-archive.com/cgi-bin/mailman/options/gossip