[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Additional network security

From: Ted Zlatanov
Subject: Re: Additional network security
Date: Sun, 07 Dec 2014 13:28:55 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Sun, 07 Dec 2014 18:45:25 +0100 Lars Magne Ingebrigtsen <address@hidden> 

LMI> Ted Zlatanov <address@hidden> writes:
>> How about extending the GnuTLS priority string to also specify the NSM
>> level, DH bits, etc? So the user would say "NORMAL:NSM(medium,dh=1024)"
>> and we'd cut out all the NSM bits before passing it on to GnuTLS. If
>> there's nothing in the priority string, we'd look at
>> `network-security-level', that would be the out-of-the-box use case.

LMI> I'm not sure we need to allow this to be customised at this fine-grained
LMI> level.  Does Firefox allow that, for instance?


>> RC4 should be disallowed on medium IMO. I *think* it already is
>> disallowed in the default GnuTLS priority string.

LMI> There are prominent web sites that only offer RC4, most famously the
LMI> video streams from Youtube.  (Because Google.)  

OK, I see.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]