On Fri, Sep 6, 2013 at 7:16 PM, Thijs Alkemade <th...@xnyhps.nl> wrote:
> However, a large number of clients do not prioritize (EC)DHE above the
> non-ephemeral variants. To enforce that these are used, it is therefore
> required to either disable all non-ephemeral suites or configure the
> server to override the client's order with the server's order.
>

I may be talking rubbish, but shouldn't the server be overriding the client's order by default anyway?

In other news, there's a lengthy discussion on use of ADH and unauthenticated TLS in general - we've previously considered this largely worthless, but using it forces an outside agency trying to "dragnet" to MITM every connection, which raises significant overhead.

Dave.
_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: jdev-unsubscr...@jabber.org
_______________________________________________
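The two server-side options named in the quoted text (disable the non-ephemeral suites, or make the server's order win), as an added example that is not part of the original thread. It uses Python's `ssl` module; the cipher string, the helper names and the `negotiate` model of suite selection are assumptions of this example, and the suite lists in `__main__` are constructed.

```python
import ssl

# Assumption of this example: allow only (EC)DHE key exchange with AEAD ciphers.
EPHEMERAL_ONLY = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL"


def is_ephemeral(name):
    """True if an OpenSSL suite name implies an (EC)DHE key exchange."""
    # TLS 1.3 suites (TLS_*) always use an ephemeral key exchange.
    return name.startswith(("TLS_", "ECDHE-", "DHE-"))


def non_ephemeral_suites(ctx):
    """Audit a context: names of enabled suites without forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers() if not is_ephemeral(c["name"])]


def hardened_server_context():
    """Apply both options: drop non-ephemeral suites, prefer server order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(EPHEMERAL_ONLY)                 # option 1: disable the rest
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # option 2: server order wins
    return ctx


def negotiate(server_order, client_order, server_preference):
    """Simplified model of suite selection: first entry of the preferred
    side's list that the other side also offers, or None if no overlap."""
    if server_preference:
        first, second = server_order, client_order
    else:
        first, second = client_order, server_order
    for suite in first:
        if suite in second:
            return suite
    return None


if __name__ == "__main__":
    # Constructed lists: a client that ranks a non-ephemeral suite first.
    client = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
    server = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
    print("client order wins:", negotiate(server, client, False))
    print("server order wins:", negotiate(server, client, True))
    print("non-ephemeral suites left enabled:",
          non_ephemeral_suites(hardened_server_context()))
```

A real server would also load its certificate with `load_cert_chain` before accepting connections; the audit function can be pointed at any existing `SSLContext`.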