IncludeOS icon indicating copy to clipboard operation
IncludeOS copied to clipboard

Published 20 hours ago verified publisher icon includeos

Use default ciphers in OpenSSL

Open fwsGonzo opened this issue 5 years ago • 1 comments

.. so that it works in more (if not all) places. Still disable SSLv3.

fwsGonzo avatar Dec 03 '18 14:12 fwsGonzo

https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ has the following list.

ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

I think we should make it configurable from the service but with a sane default

KristianJerpetjon avatar Dec 03 '18 15:12 KristianJerpetjon