On 12.11.2016 at 03:32, Alice Wonder wrote:
> For my equivalent of your Configuration A list, on servers where
> sensitive information is transferred to and from the server, I do limit
> it to TLS 1.2 and I also only use ECDSA certificates, I haven't yet come
> across a user with a client that can do TLS 1.2 that doesn't handle
> ECDSA.

Why use (EC)DSA? DSA-based crypto is the first thing that I would deactivate. Many other guides recommend disabling DSA as well.

Compared to RSA, DSA has some attack vectors that are just unnecessary: For many operations DSA needs randomness, but in contrast to RSA, repeated use of the same random data or otherwise compromised random number generators will not only compromise the security of the specific operation. If the random numbers are not the best quality, then it is possible to compromise YOUR PRIVATE KEY.

Daniel Bernstein about DSA and other broken standards:
https://blog.cr.yp.to/20140411-nist.html
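
The nonce dependence described in the message above, as an added example that is not part of the original mail: an audit check that flags DSA signatures sharing the same r, and the algebra showing why that one repeat exposes the signing key. The group parameters, key, digests and nonces are constructed toy values, and all function names are hypothetical.

```python
# Toy DSA group (constructed, far too small for real use): Q divides P - 1.
P, Q, G = 2039, 1019, 4

def sign(x, digest, k):
    """DSA signature (r, s) over an integer digest with per-signature secret k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest + x * r) % Q
    return r, s

def verify(y, digest, sig):
    """Standard DSA verification against public key y."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, digest * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def reused_nonce_pairs(signed):
    """Audit check: two signatures from one key with equal r used the same k."""
    seen, hits = {}, []
    for digest, (r, s) in signed:
        if r in seen and seen[r] != (digest, s):
            hits.append((seen[r], (digest, s), r))
        seen.setdefault(r, (digest, s))
    return hits

def key_from_reuse(first, second, r):
    """Why reuse is fatal: two equations in two unknowns (k, x), solved mod Q."""
    (h1, s1), (h2, s2) = first, second
    k = (h1 - h2) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - h1) * pow(r, -1, Q) % Q

X = 123                  # constructed private key
Y = pow(G, X, P)         # matching public key
signed = [               # constructed (digest, signature) records from one key
    (100, sign(X, 100, 5)),   # k = 5
    (200, sign(X, 200, 5)),   # k = 5 again: the RNG failure
    (300, sign(X, 300, 3)),   # a different k
]

if __name__ == "__main__":
    for first, second, r in reused_nonce_pairs(signed):
        print("repeated r =", r, "-> key exposed:", key_from_reuse(first, second, r) == X)
```

Deterministic nonce generation as specified in RFC 6979 removes the dependence on RNG quality at signing time.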