Hi, Now that I got SSL running properly I wanted to fiddle a bit with it, namely its cipher-list and there's something that if not good IMHO.
SSLv2 is obsolete and dangerous but SSLv3 is also largely deprecated, even the first versions of TLS are deprecated. A strict minimum for a cipher-list should be : HIGH:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1:!3DES:!RC4:!aNULL:!ADH "MEDIUM" is also acceptable but ciphers should start at least at TLSv1.2! The problem with Gluster setting is that's impossible to go above HIGH:!SSLv2:!3DES:!RC4:!aNULL:!ADH Which is bad.. Gluster uses SSL only and not TLS :-( An upgrade should be considered. -- Unix _IS_ user friendly, it's just selective about who its friends are.
_______________________________________________ Gluster-users mailing list [email protected] http://www.gluster.org/mailman/listinfo/gluster-users
