@free.fr>;
haproxy+h...@formilux.org <haproxy@formilux.org>
Subject: Re: Enable SSL Forward Secrecy
On Fri, Sep 01, 2017 at 07:37:50PM +0200, Daniel Schneller wrote:
> Hi,
>
> inspired by this, I added a paragraph with links to the documentation.
> Small patch attached.
Cool, thank
On Fri, Sep 01, 2017 at 07:37:50PM +0200, Daniel Schneller wrote:
> Hi,
>
> inspired by this, I added a paragraph with links to the documentation.
> Small patch attached.
Cool, thanks Daniel, now applied.
Willy
Hi,inspired by this, I added a paragraph with links to the documentation.Small patch attached.Cheers,Daniel
0001-DOC-Refer-to-Mozilla-TLS-info-config-generator.patch
Description: Binary data
-- Daniel SchnellerPrincipal Cloud Engineer CenterDevice GmbH | Hochstraße 11
On Fri, Sep 01, 2017 at 07:04:36PM +0200, Willy Tarreau wrote:
> Hi Cyril,
s/Cyril/Lukas, sorry guys, that's what happens when I read one e-mail
and reply to another one at the same time :-)
Willy
Hi Cyril,
On Wed, Aug 30, 2017 at 06:55:07PM +0200, Lukas Tribus wrote:
> Hello,
>
>
> > Hehe yikes! This was it. It's normal that someone get's lost in all
> > this cipher crap and it should be written in the HaProxy manual as
> > an important step on how to harden security.
>
> Its not a
Hello,
> Hehe yikes! This was it. It’s normal that someone get’s lost in all
> this cipher crap and it should be written in the HaProxy manual as
> an important step on how to harden security.
Its not a good idea to suggest specific cipher settings in the manual, as
the situation may change
Darn! Looking at the “openssl ciphers” Julian provided earlier, my mind
“autocompleted" the missing trailing “E” in ECDH (/me facepalms).
Thanks, Cyril, for pointing that out!
I was starting to doubt myself here :)
Cheers,
Daniel
--
Daniel Schneller
Principal Cloud Engineer
CenterDevice
Hi Julian,
> De: "Julian Zielke"
> Hi,
>
> I’m struggeling with enabling SSL forward secrecy in my haproxy 1.7
> setup.
>
> So far the global settings look like:
>
> tune.ssl.default-dh-param 2048 # tune shared secred to 2048bits
> ssl-default-bind-options
<ge...@riseup.net <mailto:ge...@riseup.net>>;
> haproxy+h...@formilux.org <mailto:haproxy+h...@formilux.org>
> <haproxy@formilux.org <mailto:haproxy@formilux.org>>
> Betreff: Re: Enable SSL Forward Secrecy
>
> Well, that’s quite extensiv
RSA-AES-128-CBC-SHA
> SRP-AES-128-CBC-SHA
> ECDH-RSA-AES128-SHA
> ECDH-ECDSA-AES128-SHA
> AES128-SHA
> PSK-AES128-CBC-SHA
>
> Julian
>
> Von: Daniel Schneller [mailto:daniel.schnel...@centerdevice.com
> <mailto:daniel.schnel...@centerdevice.com>]
> Gesend
n is 1.7.9.
>
> Julian
>
> Von: Daniel Schneller [mailto:daniel.schnel...@centerdevice.com]
> Gesendet: Mittwoch, 30. August 2017 11:58
> An: Julian Zielke <jzie...@next-level-integration.com>
> Cc: Georg Faerber <ge...@riseup.net>; haproxy+h...@formilux.org
&g
ote:
>
> Hi Georg,
>
> tried this already without effect.
>
> - Julian
>
> -Ursprüngliche Nachricht-
> Von: Georg Faerber [mailto:ge...@riseup.net]
> Gesendet: Mittwoch, 30. August 2017 11:51
> An: haproxy@formilux.org
> Betreff: Re: Enable SSL F
ation.com>
> Cc: haproxy+h...@formilux.org <haproxy@formilux.org>
> Betreff: Re: Enable SSL Forward Secrecy
>
> Hi,
>
> You might want to include a link to your Qualys results to help others see
> what exactly they say.
> At a casual glance the ciphers looks ok, but
On 17-08-30 09:33:23, Julian Zielke wrote:
> Hi,
>
> I'm struggeling with enabling SSL forward secrecy in my haproxy 1.7 setup.
>
> So far the global settings look like:
>
> tune.ssl.default-dh-param 2048 # tune shared secred to 2048bits
>
> ssl-default-bind-options force-tlsv12 no-sslv3
>
Hi,
You might want to include a link to your Qualys results to help others see what
exactly they say.
At a casual glance the ciphers looks ok, but it would be easier to see the
SSLlabs output.
If you don’t want to share it, I suggest scrolling down and looking at the
results of the per-browser
15 matches
Mail list logo