Dear friends,

In 2011, Google implemented "forward secrecy" via ephemeral keys and Diffie-Hellman key exchange in OpenSSL [1]. Since this feature of OpenSSL is easy to use, I added support for forward secrecy to nsssl. One can now use these improved security features by adding DH parameters [2] to the server.pem file (see example in README [3]) and by using the "right" ciphers (*E*DH*, see e.g. [4]).
By using these features, a web site can improve its security ratings as measured e.g. by Qualys' SSL Labs.

All the best
-gustaf neumann

[1] http://googleonlinesecurity.blogspot.co.at/2011/11/protecting-data-for-long-term-with.html
[2] https://bitbucket.org/naviserver/nsssl/src
[3] http://en.wikibooks.org/wiki/OpenSSL/Diffie-Hellman_parameters
[4] https://wiki.mozilla.org/Security/Server_Side_TLS
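
The check below is an added example, not part of the original message and not nsssl code: it inspects a server.pem for a DH PARAMETERS block and reports which OpenSSL cipher names from a configured list give forward secrecy. The function names and the sample PEM text are constructed, and it assumes that DHE suites cannot be negotiated unless the file carries DH parameters.

```python
import re

# Matches any PEM block and captures its label, e.g. "DH PARAMETERS".
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def pem_labels(pem_text):
    """Return the labels of all PEM blocks in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(pem_text)]

def missing_blocks(pem_text):
    """List what a server.pem still lacks for DHE-based forward secrecy."""
    labels = pem_labels(pem_text)
    missing = []
    if "CERTIFICATE" not in labels:
        missing.append("CERTIFICATE")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        missing.append("PRIVATE KEY")
    if "DH PARAMETERS" not in labels:
        missing.append("DH PARAMETERS")
    return missing

def key_exchange(cipher):
    """Classify an OpenSSL cipher-suite name by its key exchange."""
    if cipher.startswith("TLS_"):           # TLS 1.3 suites are always ephemeral
        return "tls13"
    if cipher.startswith("ECDHE-"):         # ephemeral elliptic-curve DH
        return "ecdhe"
    if cipher.startswith(("DHE-", "EDH-")): # ephemeral finite-field DH
        return "dhe"
    return "other"  # RSA, static DH/ECDH, or anonymous ADH/AECDH: not accepted

def forward_secret_ciphers(pem_text, ciphers):
    """Ciphers that give forward secrecy with this server.pem.
    Assumption: DHE suites need the DH PARAMETERS block; ECDHE does not."""
    has_dh = "DH PARAMETERS" in pem_labels(pem_text)
    return [c for c in ciphers
            if key_exchange(c) in ("tls13", "ecdhe")
            or (key_exchange(c) == "dhe" and has_dh)]

def _block(label):  # constructed placeholder block, not real key material
    return f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n"

SAMPLE_WITHOUT_DH = _block("CERTIFICATE") + _block("RSA PRIVATE KEY")
SAMPLE_WITH_DH = SAMPLE_WITHOUT_DH + _block("DH PARAMETERS")
SAMPLE_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384",
                  "ECDH-RSA-AES128-SHA", "AES128-SHA", "ADH-AES128-SHA"]

if __name__ == "__main__":
    print(missing_blocks(SAMPLE_WITHOUT_DH))
    print(forward_secret_ciphers(SAMPLE_WITH_DH, SAMPLE_CIPHERS))
```

It classifies by the key-exchange prefix of each cipher name rather than by glob, so static ECDH names such as ECDH-RSA-AES128-SHA are not counted as forward secret.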