[146698] in cryptography@c2.net mail archive
Re: [Cryptography] People should turn on PFS in TLS
daemon@ATHENA.MIT.EDU (The Doctor)
Fri Sep 6 20:46:54 2013
Date: Fri, 06 Sep 2013 20:39:34 -0400
From: The Doctor <drwho@virtadpt.net>
To: cryptography@metzdowd.com
In-Reply-To: <20130906131344.036c8e9a@jabberwock.cb.piermont.com>
Reply-To: drwho@virtadpt.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/06/2013 01:13 PM, Perry E. Metzger wrote:
> Google is also now (I believe) using PFS on their connections, and
> they handle more traffic than anyone. A connection I just made to
> https://www.google.com/ came out as, TLS 1.2, RC4_128, SHA1,
> ECDHE_RSA.

Addendum: Calomel SSL Validation has an interesting set of
configuration options, which may be of interest and discussion. Two
noteworthy ones:

- FIPS 140-2 restricted 256 bit ciphers
- ...AND limit to Perfect Forward Secrecy ciphers

Interestingly, turning this on breaks access to
https://addons.mozilla.org/. Bluh.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"Be the strange that you want to see in the world." --Gareth Branwyn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlIqdcYACgkQO9j/K4B7F8EKrQCguaWu9UGXABSkUwKJ7A+9n7NX
KUoAn3D1AF+NW8KIu9BoIDoxllKkE2+K
=GSYs
-----END PGP SIGNATURE-----