
Re: [Pan-users] [feature-request] Implement newer TLS Version in newsre


From: Steve Davies
Subject: Re: [Pan-users] [feature-request] Implement newer TLS Version in newsreader pan?
Date: Fri, 07 Jul 2017 09:36:20 +0000



On Thu, 6 Jul 2017 at 18:41 Detlef Graef <address@hidden> wrote:
> Something like:
>
> <tlsver>TLS-VER-ALL</tlsver>    with TLS-VER-ALL as the default value.
>
> possible other values:
>
> <tlsver>VERS-TLS1.0</tlsver>    force TLS ver. 1.0
> <tlsver>VERS-TLS1.1</tlsver>    force TLS ver. 1.1
> <tlsver>VERS-TLS1.2</tlsver>    force TLS ver. 1.2
> <tlsver>VERS-TLS1.3</tlsver>   (in the future)

 
In case it helps, there are MANY SSL-capable servers and clients out there, and rather than reinvent the wheel, how these guys configure their software should probably be taken into consideration (they've been doing it for a long time ;) )

Here's a link to the nginx config page for SSL, which I chose because it is fairly representative: http://nginx.org/en/docs/http/configuring_https_servers.html

To me this would translate to XML of something like:

<ssl_protocol>ALL</ssl_protocol>
<ssl_ciphers>ALL</ssl_ciphers>

or

<ssl_protocol>TLSv1.2</ssl_protocol>
<ssl_ciphers>HIGH:!aNULL:!MD5</ssl_ciphers>

or maybe a good compromise between compatibility and safety that I've used ;-)

<ssl_protocol>TLSv1 TLSv1.1 TLSv1.2</ssl_protocol>
<ssl_ciphers>EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5</ssl_ciphers>

Just my 2p.
Steve
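
An added example, not part of the original message and not Pan's code: it parses the `<ssl_protocol>` / `<ssl_ciphers>` elements proposed above, reports the settings a reviewer would question before they become a default, and applies them to a client context. It uses Python's `ssl` module because the nginx-style cipher strings are OpenSSL cipher-list syntax; the function names and the `<server>` wrapper element are assumptions.

```python
import ssl
import xml.etree.ElementTree as ET

# nginx-style protocol names used in the message, mapped to Python's enum.
VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = {"TLSv1", "TLSv1.1"}  # formally deprecated by RFC 8996


def parse_settings(xml_fragment):
    """Return (protocol names, cipher string) from the proposed elements."""
    # The <server> wrapper is hypothetical; the message shows only the two elements.
    root = ET.fromstring(f"<server>{xml_fragment}</server>")
    protocols = root.findtext("ssl_protocol", "ALL").split()
    ciphers = root.findtext("ssl_ciphers", "ALL").strip()
    if protocols == ["ALL"]:
        protocols = list(VERSIONS)
    unknown = [p for p in protocols if p not in VERSIONS]
    if unknown or not protocols or not ciphers:
        raise ValueError(f"bad TLS settings: {protocols!r} {ciphers!r}")
    return protocols, ciphers


def audit(protocols, ciphers):
    """List the settings a reviewer would question before they become a default."""
    findings = [f"legacy protocol enabled: {p}" for p in protocols if p in LEGACY]
    tokens = ciphers.split(":")
    if "ALL" in tokens and "!aNULL" not in tokens:
        findings.append("ALL does not exclude anonymous (aNULL) suites")
    if any("3DES" in t and not t.startswith("!") for t in tokens):
        findings.append("3DES suites enabled (64-bit block cipher)")
    return findings


def build_context(protocols, ciphers):
    """Apply the settings to a certificate-verifying client context."""
    ctx = ssl.create_default_context()
    chosen = [VERSIONS[p] for p in protocols]
    # A min/max range cannot express gaps such as "TLSv1 TLSv1.2".
    ctx.minimum_version, ctx.maximum_version = min(chosen), max(chosen)
    ctx.set_ciphers(ciphers)  # OpenSSL cipher-list syntax, as nginx uses
    return ctx
```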


