On Sat, Feb 21, 2015 at 08:52:59AM +0100, Vincent Bernat wrote:
> 20 February 2015 22:50 +0100, Kurt Roeckx <k...@roeckx.be>:
> 
> > Please note that RC4 in the default configuration should never be
> > negotiated by modern clients and servers.  The problem is
> > administrators who think they know better changed something not to
> > use the defaults.  If we adjust the defaults it's not going to fix
> > anything.
> 
> Many administrators don't use the defaults because the defaults are most
> of the time inappropriate for a web server. At some time, RC4 was widely
> advertised as the preferred cipher because it was immune to BEAST and
> supported by all browsers from IE6.

The defaults are good enough, as long as you don't really care
about PFS because IE doesn't have those at the top of its list.
If you just change it to prefer the default server ordering you
should already have a decent list, but it prefers AES256 over
AES128 while there is no need for that.


Kurt

