On Saturday 25 October 2014 14:26:59 Julien Vehent wrote:
Thank you Hubert from starting this discussion. I think this can be the
base for version 4 of the document.
On 2014-10-20 08:10, Hubert Kario wrote:
The items that probably should be changed or added:
* curves weaker than
On 25/10/14 19:26, Julien Vehent wrote:
snip
I wonder if this is really useful though. Server Side TLS is a pragmatic
guide, and pragmatism dictates that operators should use SHA-256 certs,
not SHA-384 or SHA-512. When asked to review a production site that runs
a SHA-512 cert, I would recommend
Thank you Hubert from starting this discussion. I think this can be the
base for version 4 of the document.
On 2014-10-20 08:10, Hubert Kario wrote:
The items that probably should be changed or added:
* curves weaker than secp256r1 - I think they shouldn't be
enabled at all - while
Julien Vehent wrote:
Thank you Hubert from starting this discussion. I think this can be the base
for version 4 of the document.
On 2014-10-20 08:10, Hubert Kario wrote:
The items that probably should be changed or added:
* curves weaker than secp256r1 - I think they shouldn't be
Julien,
On 10/21/2014 18:02, Julien Vehent wrote:
NSS is very rarely used in servers.
Perhaps so statistically, but the products are still around. I notice
that Oracle/iPlanet/RedHat products are absent from the document.
Oracle still ships at the very least iPlanet Web Server, iPlanet Proxy
On Tuesday 21 October 2014 23:09:58 Julien Pierre wrote:
Julien,
On 10/21/2014 18:02, Julien Vehent wrote:
NSS is very rarely used in servers.
Perhaps so statistically, but the products are still around. I notice
that Oracle/iPlanet/RedHat products are absent from the document.
Oracle
On 2014-10-22 08:02, Hubert Kario wrote:
So, any comments to the proposed changes in opening mail?
Yes :) But I haven't had any spare cycles yet... It's on the todo list!
- Julien
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On 10/21/2014 09:02 PM, Julien Vehent wrote:
NSS is very rarely used in servers.
Not true. Red Hat ships many products with NSS server configurations.
--
John
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
--On October 20, 2014 16:43:01 -0700 Julien Pierre julien.pie...@oracle.com
wrote:
Hubert,
On 10/20/2014 05:10, Hubert Kario wrote:
So I went over the https://wiki.mozilla.org/Security/Server_Side_TLS
article with a bit more attention to detail and I think we should
extend it in few places.
Chris,
On 10/21/2014 11:43, Chris Newman wrote:
At this point, the OpenSSL-style cipher suite adjustment string has become a
de-facto standard. So I believe NSS should be modified to follow that de-facto
standard rather than expecting those writing security advice to do extra work:
On 2014-10-21 19:20, Julien Pierre wrote:
I wasn't even specifically referring to cipher strings, but the whole
document seems to be about servers running OpenSSL, though I did see
a
few references to GnuTLS as well.
There are also servers running NSS, Microsoft SSL stacks, proprietary
SSL
So I went over the https://wiki.mozilla.org/Security/Server_Side_TLS
article with a bit more attention to detail and I think we should
extend it in few places.
Especially if it is supposed to be also the general recommendation
for servers, not just for ones that are part of Mozilla network.
The
Hubert,
On 10/20/2014 05:10, Hubert Kario wrote:
So I went over the https://wiki.mozilla.org/Security/Server_Side_TLS
article with a bit more attention to detail and I think we should
extend it in few places.
Especially if it is supposed to be also the general recommendation
for servers, not
13 matches
Mail list logo