>
> May I further "criticize" that the HTTPS version of the wiki causes a
> mixed content warning although it only loads from cryptopp.com and
> www.cryptopp.com?
>
OK, I thought we cleared the mixed content warnings. Can you provide
specific information, like a URL that produces the mixed content warning?
> May I further question the web server's cipher suite preference? It
> prefers TLS_RSA_WITH_AES_256_CBC_SHA over
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 it looks like it's configured like
> something HIGH:MEDIUM:@STRENGTH
> Personally I'd prefer
> "EECDH+aRSA+AESGCM:EECDH+aRSA+AES:+EECDH+aRSA+AES+SHA1" which enforces
> ECDHE and RSA and prefers GCM over CBC+SHA2 over CBC+SHA1.
>
Here are the two settings of interest from /etc/httpd/conf.d/ssl.conf :
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
Out of curiosity, what part of the site needs forward secrecy? Everything
that can be downloaded over HTTPS is available over HTTP, and its available
to everyone.
Jeff
--
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
