That's OK, I have a healthy dose of paranoia every now and then. :-)

The main thing that worries me with SSL tuning is what devices you're knocking off, rather than how secure it all is. Commercial imperatives and all that. Some of the stuff I look after still has 20-30% traffic from Win XP and the associated old versions of IE.

We're only now considering a msg that says 'Sod off and install Firefox/Chrome if you must run WinXP', which a lot of folks have done for years.

All good fun...


On 20/04/14 14:41, Steve Holdoway wrote:
On 20/04/14 10:32, Steve Holdoway wrote:

To be honest, I reckon that you're being pretty paranoid (even if it is in the SysAdmin jobspec) by tuning SSL at all, although I do make all these newfangled elliptical ciphers available, and try to use the less computationally complex options. Can't remember what not using RC4 disables, but that also seems to be a logical step as it's been pretty well discredited. SSL2 is in the same boat.

Sorry Chris, poorly worded. What I meant to say was that in general I think that it's probably a bit over the top to worry about tuning SSL, rather than intimating that you're paranoid!

_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
