On 5 August 2010 12:17, Jim Tarvid <[email protected]> wrote: > On Wed, Aug 4, 2010 at 6:05 PM, Kees Cook <[email protected]> wrote: >> >> Hi Jim, >> >> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote: >> > Why not kill the weak ciphers too? >> >> Sure! Can you send a patch for this?
> Many thought and caveats. > > Old browsers may not be able to negotiate SSLCipherSuite HIGH. I don't know > and I don't care > Only the most ancient browsers will not be able to negotiate TLSv1 or SSLv3. > see #1 > Daniel J Blueman may want NULL (eNULL) instead of NONE Good info, but no cigar: $ ssh -o ciphers=NULL x1 command-line line 0: Bad SSH2 cipher spec 'NULL'. I guess I should select it a different way? 'none' is a valid cipher when enabled in the configure script. Thanks, Daniel -- Daniel J Blueman -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
