oss-sec mailing list archives
Re: openssl default ciphers
From: Russ Allbery <eagle () eyrie org>
Date: Mon, 04 Nov 2013 09:58:35 -0800
Hanno Böck <hanno () hboeck de> writes:
> SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL@STRENGTH
> should be fine. There are basically near zero browsers out there that
> should have any problems with that. Even dinosaurs like IE6 can work
> with this, you don't need "medium" ciphers as long as you don't want to
> make a site accessible to browser museums.
Just to data-point on compatibility, we've been using:

    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!ADH:!SSLv2:@STRENGTH

(not quite as strong as what you mention above; we should look at changing) for all of Stanford's SSL web sites for years and years now, and have never had a single complaint.

--
Russ Allbery (eagle () eyrie org) <http://www.eyrie.org/~eagle/>
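An added example, not part of the message above or of the thread: it expands the two cipher strings quoted in this message against the local OpenSSL build and lists any anonymous or sub-128-bit suites each one still enables. The `expand` and `audit` helpers and the `min_bits` threshold are assumptions of this example, and the output depends on the OpenSSL version Python is linked against.

```python
import ssl

# The two Apache SSLCipherSuite values quoted in the message above.
STRINGS = {
    "Hanno": "HIGH:!MEDIUM:!LOW:!aNULL@STRENGTH",
    "Russ": "HIGH:MEDIUM:!ADH:!SSLv2:@STRENGTH",
}


def expand(cipher_string):
    """Return the suites the local OpenSSL build enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(cipher_string, min_bits=128):
    """Group the expanded suites by anonymity, strength and protocol.

    min_bits is this example's threshold (an assumption), not a value
    taken from the thread.
    """
    report = {"suites": [], "anonymous": [], "weak": [], "tls13": []}
    for suite in expand(cipher_string):
        name = suite["name"]
        report["suites"].append(name)
        # TLS 1.3 suites are not controlled by the cipher string, so they
        # are listed separately rather than attributed to it.
        if suite.get("protocol") == "TLSv1.3":
            report["tls13"].append(name)
        # "auth-null" marks suites with no server authentication (aNULL).
        if suite.get("auth") == "auth-null":
            report["anonymous"].append(name)
        if suite.get("strength_bits", 0) < min_bits:
            report["weak"].append(name)
    return report


if __name__ == "__main__":
    print("Linked against:", ssl.OPENSSL_VERSION)
    for who, cipher_string in STRINGS.items():
        result = audit(cipher_string)
        print(f"{who}: {cipher_string}")
        print(f"  suites enabled : {len(result['suites'])}")
        print(f"  anonymous      : {result['anonymous'] or 'none'}")
        print(f"  below 128 bits : {result['weak'] or 'none'}")
```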