> On 2 May 2017 at 17:14, Lukas Tribus <luky...@hotmail.com> wrote:
> 
> Hello,
> 
> 
>> Hi Lukas,
>> 
>> The response is in our link:
>> [2] https://github.com/openssl/openssl/issues/541
>> 
>> No need to disable this option per default and option is needed for security.
> 
> The point is: when the admin is aware of TLS security, he can easily add
> a new config option on a major software upgrade, and we can even add this for
> example to the mozilla TLS config generator as well. But, if this is just a
> copy&paste from a 3 year old blog post, SSL_OP_CIPHER_SERVER_PREFERENCE
> actively harms security, as a browser will have a more up-to-date cipher
> preference list than the server, but server preference will ignore it.
> 
> The old RC4 preference instead of AES-CBC, for example:
> https://github.com/libressl-portable/portable/issues/66#issuecomment-183822438
> 
> 
>> The equal-preference groups work with server preference. I tested it with
>> BoringSSL.
> 
> I care primarily about vanilla OpenSSL, and I don't get a sense that there
> is an interest to implement this for TLSv1.2.
> 

It makes sense with AEAD ciphers like AES-GCM and CHACHA20-POLY1305, and it's
compatible with TLSv1.2.
https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=216.58.195.68&hideResults=on
(P) This server prefers ChaCha20 suites with clients that don't have AES-NI 
(e.g., Android devices)

> What I want for haproxy is to be flexible enough to address all cases, as is
> Apache and nginx.

I don’t like to change the default behavior if it can impact the security.
I think no-prefer-server-ciphers or simply prefer-client-ciphers would be a 
better choice.

++
Manu
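A small model of the three selection policies argued over in this thread (server preference, client preference, and equal-preference groups), as an added example that is not code from haproxy, OpenSSL, BoringSSL or either poster; the suite names and client lists are constructed, and the `[a|b]` group syntax only loosely imitates BoringSSL's.

```python
from typing import List, Optional

# Server-side ordered spec. "[a|b]" marks AEAD suites the server treats as
# equivalent, so the client's own order decides between them (BoringSSL style).
# All suite names and client lists below are constructed sample data.
SERVER_GROUPED = "[ECDHE-AES128-GCM|ECDHE-CHACHA20-POLY1305]:ECDHE-AES128-CBC"

# A client with AES-NI, and one without it (e.g. an Android device) that
# asks for ChaCha20 first.
CLIENT_AESNI = ["ECDHE-AES128-GCM", "ECDHE-CHACHA20-POLY1305", "ECDHE-AES128-CBC"]
CLIENT_NO_AESNI = ["ECDHE-CHACHA20-POLY1305", "ECDHE-AES128-GCM", "ECDHE-AES128-CBC"]

# A stale server list copied from an old guide, and a client that knows better.
SERVER_STALE = ["RC4-SHA", "AES128-SHA"]
CLIENT_MODERN = ["AES128-SHA", "RC4-SHA"]

def parse_groups(spec: str) -> List[List[str]]:
    """Split 'a:[b|c]:d' into [['a'], ['b', 'c'], ['d']]."""
    groups = []
    for item in spec.split(":"):
        if item.startswith("[") and item.endswith("]"):
            groups.append(item[1:-1].split("|"))
        else:
            groups.append([item])
    return groups

def flatten(spec: str) -> List[str]:
    """Plain ordered list, as a library without group support would see it."""
    return [suite for group in parse_groups(spec) for suite in group]

def select_server_pref(server: List[str], client: List[str]) -> Optional[str]:
    """SSL_OP_CIPHER_SERVER_PREFERENCE: first server suite the client offers."""
    return next((s for s in server if s in client), None)

def select_client_pref(server: List[str], client: List[str]) -> Optional[str]:
    """Client order wins: first client suite the server supports."""
    return next((c for c in client if c in server), None)

def select_equal_pref(spec: str, client: List[str]) -> Optional[str]:
    """Server order between groups, client order inside a group."""
    for group in parse_groups(spec):
        chosen = select_client_pref(group, client)
        if chosen is not None:
            return chosen
    return None
```

With the grouped spec, the client without AES-NI gets ChaCha20 while the AES-NI client gets AES-GCM; with the stale list, plain server preference hands a modern client RC4, which is the harm Lukas describes.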
