[ https://issues.apache.org/jira/browse/TS-2400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13877739#comment-13877739 ]
Adam W. Dace commented on TS-2400:
----------------------------------
If someone wants to give me the definitive config of ciphers to go along with
"master", I'd be happy to test them against various sites on the
Internet...especially Amazon, Facebook, Google, etc.
> Our default SSL cipher-suite advocates speed over security
> ----------------------------------------------------------
>
> Key: TS-2400
> URL: https://issues.apache.org/jira/browse/TS-2400
> Project: Traffic Server
> Issue Type: Bug
> Components: Configuration, SSL
> Reporter: Igor Galić
> Assignee: Igor Galić
> Fix For: 4.2.0
>
>
> Our default cipher-suite advocates speed over security:
> {code}
> RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
> {code}
> Worse yet, it still has RC4 in there, along with some other bad defaults. RC4
> must be eradicated:
> https://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx?Redirected=true
> We should by default advocate security, which means, we should advocate
> Perfect Forward Secrecy, which means we should also advocate OpenSSL >=
> 1.0.1e
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
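
Added example, not part of the JIRA thread or Traffic Server's own code: a name-based audit of the default cipher list quoted in the issue, reporting in preference order which enabled entries lack forward secrecy or use RC4/3DES. The function and table names are hypothetical, and the checks are heuristics on OpenSSL suite names, not an expansion by an actual OpenSSL build.

```python
import re

# The default cipher list quoted in TS-2400 (copied from the issue text).
TS2400_DEFAULT = ("RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:"
                  "!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL")

# Key-exchange prefixes in OpenSSL suite names that give forward secrecy.
PFS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")
# Markers in a suite name, mapped to the reason to flag them.
WEAK_MARKERS = {"RC4": "RC4 stream cipher", "DES-CBC3": "3DES",
                "NULL": "no encryption", "EXP": "export-grade", "MD5": "MD5 MAC"}
# Group keywords that expand to many suites instead of naming one.
GROUP_KEYWORDS = {"ALL", "DEFAULT", "COMPLEMENTOFALL", "COMPLEMENTOFDEFAULT",
                  "HIGH", "MEDIUM", "LOW"}


def audit_cipher_list(cipher_list):
    """Return (position, token, findings) for each enabled entry, in preference order."""
    report = []
    # OpenSSL accepts ':', ',' or space as separators.
    tokens = [t for t in re.split(r"[:, ]+", cipher_list.strip()) if t]
    position = 0
    for token in tokens:
        # '!' kills, '-' removes, '+' reorders, '@' sets options:
        # none of these prefixes enables a suite, so skip them.
        if token[0] in "!-+@":
            continue
        position += 1
        findings = []
        if token.upper() in GROUP_KEYWORDS:
            findings.append("group keyword: enables every matching suite not excluded")
        else:
            if not token.startswith(PFS_PREFIXES):
                findings.append("no forward secrecy (static key exchange)")
            for marker, reason in WEAK_MARKERS.items():
                if marker in token:
                    findings.append(reason)
        report.append((position, token, findings))
    return report


if __name__ == "__main__":
    for pos, token, findings in audit_cipher_list(TS2400_DEFAULT):
        print(f"{pos}. {token}: {'; '.join(findings) or 'ok'}")
```

To see what a specific OpenSSL build actually expands a candidate list to, `openssl ciphers -v '<list>'` prints the resulting suites in preference order.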