:: On Fri, 3 Jun 2016 12:29:01 +0200 :: <[email protected]> :: Grayhat <[email protected]> wrote:
> :: On Fri, 3 Jun 2016 10:17:58 +0000 > :: <[email protected]> > :: Martin Voßloh <[email protected]> wrote: > > > Hi, > > > > it´s possible that the entry is going wrong in this mail? > > > > kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED > > > > the "k" in front of some entrys? > > no, the "k" is correct, stands for "key exchange" and is accepted by > OpenSSL w/o problems (also tried it with other apps using OpenSSL to > implement SSL support) notice that, using the above string, you'll offer the following ciphers Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 256 bits AES256-SHA256 Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 256 bits CAMELLIA256-SHA Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 128 bits AES128-SHA256 Accepted TLSv1.2 128 bits AES128-SHA Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Accepted TLSv1.2 128 bits RC4-SHA Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA Accepted TLSv1.1 256 bits AES256-SHA Accepted TLSv1.1 256 bits CAMELLIA256-SHA Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA Accepted TLSv1.1 128 bits AES128-SHA Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Accepted TLSv1.1 128 bits RC4-SHA Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA Accepted TLSv1.0 256 bits AES256-SHA Accepted TLSv1.0 256 bits CAMELLIA256-SHA Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA Accepted TLSv1.0 128 bits AES128-SHA Accepted TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Accepted TLSv1.0 128 bits RC4-SHA if using a normal certificate, if instead you have an ECDSA enabled certificate, you'll also offer the following ciphers in addition to the above (and preferred) ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 as you see, the setup offers the stronger ciphers firts while still mantaining support for weaker, older ones as a last resource which helps mantaining compatibility with older clients ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
