[ https://issues.apache.org/jira/browse/TS-2372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13832012#comment-13832012 ]

Jan-Frode Myklebust commented on TS-2372:
-----------------------------------------


Adam Langley has an argument for supporting DHE in addition to ECDHE, ref: 
https://www.imperialviolet.org/2013/10/07/chacha20.html

"...  As a last attempt, they'll try an SSLv3 connection with no extensions.

Several useful features get jettisoned when this occurs but the important one 
for security, up until now, has been that elliptic curve support is disabled in 
SSLv3. For servers that support ECDHE but not DHE that means that a network 
attacker can trigger version downgrades and remove forward security from a 
connection."

> Add forward security support (SSL related)
> ------------------------------------------
>
>                 Key: TS-2372
>                 URL: https://issues.apache.org/jira/browse/TS-2372
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: HTTP
>            Reporter: Bryan Call
>            Assignee: James Peach
>              Labels: ssl
>             Fix For: 4.2.0
>
>
> mod_ssl bug and changes:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49559
> Discussion on httpd-dev list:
> http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%[email protected]%3E



--
This message was sent by Atlassian JIRA
(v6.1#6144)
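
Added example, not part of the JIRA comment or of Traffic Server's code: a simplified model of server-side cipher selection showing why the quoted argument favours offering DHE alongside ECDHE. The suite lists are constructed (OpenSSL suite names), and `client_has_ec=False` stands in for the extension-less SSLv3 fallback hello described in the quote.

```python
# Simplified negotiation model: the server picks its first preferred suite
# that the client can actually use. All lists below are constructed samples.

def key_exchange(suite):
    """Classify an OpenSSL suite name by its key exchange."""
    if suite.startswith("ECDHE-"):
        return "ECDHE"
    if suite.startswith("DHE-"):
        return "DHE"
    return "RSA"  # e.g. AES128-SHA: static RSA key transport

def negotiate(server_prefs, client_offer, client_has_ec):
    """Return the suite chosen under server preference order, or None.

    client_has_ec=False models a hello without the elliptic curve
    extensions, where ECDHE suites cannot be negotiated.
    """
    for suite in server_prefs:
        if suite not in client_offer:
            continue
        if key_exchange(suite) == "ECDHE" and not client_has_ec:
            continue
        return suite
    return None

def forward_secret(suite):
    """True when the chosen suite uses an ephemeral Diffie-Hellman exchange."""
    return suite is not None and key_exchange(suite) in ("ECDHE", "DHE")

def audit(server_prefs, client_offer):
    """Return ((suite, fs), (suite, fs)) for the normal and downgraded hello."""
    results = []
    for has_ec in (True, False):
        chosen = negotiate(server_prefs, client_offer, has_ec)
        results.append((chosen, forward_secret(chosen)))
    return tuple(results)

# Constructed sample data.
CLIENT = ["ECDHE-RSA-AES128-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"]
ECDHE_ONLY = ["ECDHE-RSA-AES128-SHA", "AES128-SHA"]
ECDHE_AND_DHE = ["ECDHE-RSA-AES128-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"]

if __name__ == "__main__":
    for name, prefs in (("ECDHE only", ECDHE_ONLY), ("ECDHE + DHE", ECDHE_AND_DHE)):
        normal, downgraded = audit(prefs, CLIENT)
        print(f"{name}: normal={normal} downgraded={downgraded}")
```

With the ECDHE-only list the downgraded hello lands on static RSA and loses forward secrecy; with DHE in the list it falls back to DHE and keeps it.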
