[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14603319#comment-14603319
]
ASF subversion and git services commented on TS-3136:
-
Commit
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14601036#comment-14601036
]
ASF subversion and git services commented on TS-3136:
-
Commit
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14601040#comment-14601040
]
ASF GitHub Bot commented on TS-3136:
Github user asfgit closed the pull request at:
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14599486#comment-14599486
]
ASF GitHub Bot commented on TS-3136:
Github user shinrich closed the pull request at:
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14599488#comment-14599488
]
ASF GitHub Bot commented on TS-3136:
GitHub user shinrich opened a pull request:
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14599395#comment-14599395
]
Susan Hinrichs commented on TS-3136:
Talking with more people, some clients (namely Java
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14599671#comment-14599671
]
Susan Hinrichs commented on TS-3136:
@bcall noted that no clients will actually negotiate
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14597653#comment-14597653
]
Susan Hinrichs commented on TS-3136:
[~briang] and [~jacksontj] any comments on your
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14598324#comment-14598324
]
Brian Geffon commented on TS-3136:
--
[~shinrich], basically what we found was that upgrading
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14595053#comment-14595053
]
Susan Hinrichs commented on TS-3136:
Agreed. Independent of the DHE in default cipher
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594463#comment-14594463
]
John Eaglesham commented on TS-3136:
People don't use DHE because of the performance
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594586#comment-14594586
]
Susan Hinrichs commented on TS-3136:
As I recall, with the dhparams enabled, their
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594642#comment-14594642
]
Leif Hedstrom commented on TS-3136:
---
[~shinrich] I'm almost 100% sure that they did have
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594654#comment-14594654
]
Susan Hinrichs commented on TS-3136:
[~zwoop] that is correct. We changed things to the
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594711#comment-14594711
]
John Eaglesham commented on TS-3136:
If we want to disable DHE in the default install
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594878#comment-14594878
]
Leif Hedstrom commented on TS-3136:
---
Yeah, I'm +1 on doing the right thing with DHE for
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594125#comment-14594125
]
Susan Hinrichs commented on TS-3136:
And because you cannot have too much fun playing
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594017#comment-14594017
]
Susan Hinrichs commented on TS-3136:
I ran an experiment to estimate the impact of DHE on
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594073#comment-14594073
]
Susan Hinrichs commented on TS-3136:
I spent today running experiments with a variety of
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594077#comment-14594077
]
Susan Hinrichs commented on TS-3136:
For reference, here is the 5.x default cipher suite
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593193#comment-14593193
]
Ivan Ristic commented on TS-3136:
-
I think the proposed cipher suite selection is pretty good
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593477#comment-14593477
]
Susan Hinrichs commented on TS-3136:
[~jeaglesham] and [~ivanr] thanks for your comments.
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593519#comment-14593519
]
Ivan Ristic commented on TS-3136:
-
That's great, thanks! By the way, if ATS is currently
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593528#comment-14593528
]
Ivan Ristic commented on TS-3136:
-
[~shinrich] the value of keeping DHE around is to use for
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593518#comment-14593518
]
Susan Hinrichs commented on TS-3136:
TS-3624 is the bug Igor filed suggesting that we
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14593573#comment-14593573
]
Susan Hinrichs commented on TS-3136:
It looks like we have around 5% hitting non-PFS
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592951#comment-14592951
]
John Eaglesham commented on TS-3136:
Should we prefer AES128 over AES256? AES128 is
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592524#comment-14592524
]
ASF GitHub Bot commented on TS-3136:
GitHub user shinrich opened a pull request:
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14592485#comment-14592485
]
Susan Hinrichs commented on TS-3136:
Ran some tests on a production box in Y! Based on
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14589978#comment-14589978
]
ASF GitHub Bot commented on TS-3136:
Github user persiaAziz closed the pull request at:
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588253#comment-14588253
]
Dave Thompson commented on TS-3136:
---
I did some performance tests a while back using ATS.
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588169#comment-14588169
]
Susan Hinrichs commented on TS-3136:
[~jacksontj] did the increase in 3DES impact your
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588316#comment-14588316
]
Dave Thompson commented on TS-3136:
---
Doh, I meant RC4 as in RC4_SHA, That would be a
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588193#comment-14588193
]
Thomas Jackson commented on TS-3136:
Nothing noticable-- but TBH both of these are really
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14588162#comment-14588162
]
Thomas Jackson commented on TS-3136:
[~shinrich] In our testing/experience you can drop
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14586515#comment-14586515
]
Susan Hinrichs commented on TS-3136:
We've had one person review the list internally, and
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14586594#comment-14586594
]
John Eaglesham commented on TS-3136:
I think it's better to ship a secure SSL
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583653#comment-14583653
]
Leif Hedstrom commented on TS-3136:
---
Fwiw, I didn't mean to imply that we should just
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583609#comment-14583609
]
ASF GitHub Bot commented on TS-3136:
GitHub user persiaAziz opened a pull request:
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583649#comment-14583649
]
ASF GitHub Bot commented on TS-3136:
Github user jpeach commented on the pull request:
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583654#comment-14583654
]
Bryan Call commented on TS-3136:
[~persiaAziz]
Was this just a copy and paste of the mozilla
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583658#comment-14583658
]
ASF GitHub Bot commented on TS-3136:
Github user shinrich commented on the pull request:
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583688#comment-14583688
]
Syeda Persia Aziz commented on TS-3136:
---
I agree
Change default TLS cipher suites
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583728#comment-14583728
]
Susan Hinrichs commented on TS-3136:
I think we may want to consider the following string
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583706#comment-14583706
]
Susan Hinrichs commented on TS-3136:
@bcall, do you mean the yahoo security team? Or is
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14583847#comment-14583847
]
Dave Thompson commented on TS-3136:
---
In march, I did a survey of ciphers selected by
[
https://issues.apache.org/jira/browse/TS-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14216871#comment-14216871
]
John Eaglesham commented on TS-3136:
We shouldn't change the default cipher list in a
47 matches
Mail list logo
