Let me start by saying I'm not a security expert by any means... I see that the SSL_Version default is SSLv2/3.

I'm a little worried about the vulnerabilities in SSL v2 and 3 (POODLE and BEAST, for example). TLS 1.0 isn't much more secure. See: https://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html

I'm thinking of using:

    TLSv1_2:TLSv1_1:!TLSv1:!SSLv2:!SSLv3

(use only TLS 1.1 or 1.2, and none of the others)

Also, so we don't have to rely on the openssl config, how about this for the ciphers:

    EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:DES-CBC3-SHA:!RC4:!ECDHE-RSA-DES-CBC3-SHA:!aNULL:!eNULL:!LOW:3DES:!MD5:!EXP:!PSK:!SRP:!DSS

THOUGHTS??

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
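
A keyword-level check of the cipher string proposed in the message above, as an added example that is not part of the original post or of ASSP: it parses the OpenSSL cipher-list syntax and reports additions that a `!` element cancels, plus additions that name legacy algorithms. The `LEGACY` watch-list and the function names are assumptions of this example.

```python
import re

# Cipher string proposed in the post, copied verbatim.
PROPOSED = (
    "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:"
    "EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:"
    "EECDH+aRSA+RC4:EECDH:EDH+aRSA:DES-CBC3-SHA:!RC4:"
    "!ECDHE-RSA-DES-CBC3-SHA:!aNULL:!eNULL:!LOW:3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
)

# Assumption for this example: keywords a reviewer wants called out when added.
LEGACY = {"RC4", "3DES", "DES-CBC3-SHA", "MD5", "EXP", "LOW", "aNULL", "eNULL"}


def parse(cipher_string):
    """Split an OpenSSL cipher list into (operator, keyword-set, text) items.

    Elements are separated by ':' (',' and ' ' are also accepted). A leading
    '!' removes suites permanently, '-' removes them, '+' moves them to the
    end; no prefix adds them. '+' inside an element is a logical AND.
    """
    items = []
    for text in filter(None, re.split(r"[:, ]+", cipher_string)):
        op = text[0] if text[0] in "!-+" else ""
        items.append((op, frozenset(text[len(op):].split("+")), text))
    return items


def lint(cipher_string):
    """Report additions cancelled by a '!' element, and legacy additions."""
    items = parse(cipher_string)
    kills = [(kw, text) for op, kw, text in items if op == "!"]
    dead, legacy = [], []
    for op, kw, text in items:
        if op:  # only plain additions are examined
            continue
        # A '!' element whose keywords are all required by this element
        # removes every suite the element selects, wherever it appears.
        killer = next((k_text for k, k_text in kills if k <= kw), None)
        if killer:
            dead.append((text, killer))
        elif kw & LEGACY:
            legacy.append(text)
    return {"dead": dead, "legacy": legacy}


if __name__ == "__main__":
    print(lint(PROPOSED))
```

The check is syntactic only; `openssl ciphers -v '<string>'` shows what a particular OpenSSL build actually expands the string to.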