>Steve, have you considered trimming the DEFAULT cipher list? >It's currently... >#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" > I wonder how many of these ciphers are actually ever negotiated in real-world > use.
I'm forwarding a bit of internal discussion; hope it's useful. This is from one of our chief info-sec people: My weak opinion is that cipher brokenness is most important (so put 3DES and RC4 last, and the AEAD modes ahead of the MAC-then-encrypt modes), followed by hash strength, followed by PFS presence, followed by SHA and AES bit length. I think that would give us: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 AES256-SHA256 AES128-SHA256 AES128-SHA RC4-SHA DES-CBC3-SHA -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz :��I"Ϯ��r�m���� (����Z+�7�zZ)���1���x��h����W^��^��%�� ��&jם.+-1�ځ��j:+v�������h�