Am 26.05.2014 13:58, schrieb Hani Benhabiles: > On 2014-05-26 12:07, Reindl Harald wrote: > > Because there is no such thing as "default" DH parameters to be used for > DHE by the server. Not with GnuTLS 2.x nor > with GnuTLS 3.x... > > Don't trust me ? > - Check openssl s_server's -dhparam > - Check gnutls's --dhparams > - Check nginx' ssl_dhparam configuration > - Check openvpn's --dh > etc,...
that must be why Apache can offer DHE for years without
specific configurations and even if it needs dh-params
it can be not that hard to generate them automatically
* dovecot can
* postfix can
* apache can
only GSA can't
[harry@rh:~]$ sslscan openvas | grep Accepted
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 256 bits CAMELLIA256-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits CAMELLIA128-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Accepted TLS11 256 bits AES256-SHA
Accepted TLS11 256 bits CAMELLIA256-SHA
Accepted TLS11 168 bits DES-CBC3-SHA
Accepted TLS11 128 bits AES128-SHA
Accepted TLS11 128 bits CAMELLIA128-SHA
Accepted TLS11 128 bits RC4-SHA
Accepted TLS11 128 bits RC4-MD5
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
