[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] Recommended HKPS protocols & ciphersuites?
From: |
Pete Stephenson |
Subject: |
[Sks-devel] Recommended HKPS protocols & ciphersuites? |
Date: |
Sun, 03 Aug 2014 21:29:49 +0200 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 |
Hi all,
For those running HKPS-enabled servers in the pool, what protocols and
ciphersuites do you use?
I'd hope that it'd be safe these days to disable SSLv2. How about SSLv3?
RC4?
I'd like to provide a reasonable fallback to older clients that don't
support modern ciphers, but without jeopardizing the security of modern
clients that do.
It appears gnupg-curl on Debian systems supports DHE-RSA-AES256-SHA256
and TLS 1.2. A random HKPS query to my server used TLSv1.2 and
ECDHE-RSA-AES256-GCM-SHA384, which is promising.
Any recommendations?
Cheers!
-Pete
signature.asc
Description: OpenPGP digital signature
- [Sks-devel] Recommended HKPS protocols & ciphersuites?,
Pete Stephenson <=