I'm not really familiar with SSL and encryption technologies, but I have to watch out for security stuff since I look after a Debian (stable) server. So, since this has been out for some time now
( http://security-tracker.debian.org/trac ... -2011-3389 )
and the only working solution against the BEAST attack I found is this:
Code:
ssl_protocols TLSv1;              # TLS 1.0 only (SSLv3 disabled)
ssl_ciphers RC4-SHA:HIGH:!kEDH;   # RC4 (a stream cipher, no CBC) first, then the HIGH set, no DHE key exchange
ssl_prefer_server_ciphers on;     # use the server's order, so RC4-SHA wins whenever the client offers it
in the vhost conf file (nginx example), tested with the Qualys SSL tester (https://www.ssllabs.com/ssldb/index.html).
The problem in this scenario, from what I read, is that RC4 is considered pretty weak encryption. Also, TLS 1.1 & TLS 1.2 are not in Debian yet (that would solve a lot of issues).
As such, I'd like to ask for opinions/tips/experiences on this.
Thanks,
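Added example, not code from the original post: a small offline Python model of what the SSL Labs check above is looking at. It classifies OpenSSL-style cipher names by mode (RC4 stream, CBC block, AEAD), flags the CBC-under-TLS-1.0 combination that BEAST (CVE-2011-3389) needs, and simulates the handshake choice with `ssl_prefer_server_ciphers` on and off. The server list is a hand-picked, constructed subset of what `RC4-SHA:HIGH:!kEDH` expands to, and the client list is a constructed browser preference; the negotiation model is simplified (it ignores which suites each protocol version actually supports and everything about certificates and key exchange).

```python
"""Offline BEAST exposure checker for an nginx-style server cipher order.

Added example, not part of the original post. All suite lists are constructed
for the illustration; nothing here talks to a network.
"""
from typing import Dict, List, Optional, Sequence

# BEAST needs a block cipher in CBC mode under SSL 3.0 or TLS 1.0, where the
# IV of each record is the previous record's last ciphertext block. TLS 1.1
# and 1.2 use an explicit per-record IV, so CBC suites there are not exposed
# to this particular attack (RC4 has its own, separate keystream-bias problems).
BEAST_PROTOCOLS = {"SSLv3", "TLSv1"}


def classify(suite: str) -> str:
    """Classify an OpenSSL-style cipher name as 'RC4', 'AEAD', 'NULL' or 'CBC'."""
    name = suite.upper()
    if "RC4" in name:
        return "RC4"      # stream cipher: no CBC chaining at all
    if "GCM" in name or "CCM" in name or "CHACHA20" in name:
        return "AEAD"     # AEAD suites only exist from TLS 1.2 onward
    if "NULL" in name:
        return "NULL"     # no encryption; should never be offered
    return "CBC"          # AES*-SHA, DES-CBC3-SHA, CAMELLIA*, ... are all CBC


def beast_exposed(suite: str, protocol: str) -> bool:
    """True when this suite on this protocol version is the BEAST-vulnerable combination."""
    return protocol in BEAST_PROTOCOLS and classify(suite) == "CBC"


def negotiate(server_order: Sequence[str], client_order: Sequence[str],
              prefer_server: bool) -> Optional[str]:
    """Return the suite a handshake would settle on (simplified: first common entry
    in the preferring side's list), or None if the two lists share nothing."""
    chooser, other = (server_order, client_order) if prefer_server else (client_order, server_order)
    for suite in chooser:
        if suite in other:
            return suite
    return None


def audit(server_order: Sequence[str], protocol: str, client_order: Sequence[str],
          prefer_server: bool) -> Dict[str, object]:
    """Summarise the outcome for one (server order, protocol, client) combination."""
    chosen = negotiate(server_order, client_order, prefer_server)
    return {
        "negotiated": chosen,
        "beast_exposed": chosen is not None and beast_exposed(chosen, protocol),
        "uses_rc4": chosen is not None and classify(chosen) == "RC4",
        # every server-offered suite that would be exposed if the client picked it
        "cbc_offered": [s for s in server_order if beast_exposed(s, protocol)],
    }


# Constructed, abridged expansion of `RC4-SHA:HIGH:!kEDH` (a hand-picked subset,
# not the real `openssl ciphers -v` output): RC4-SHA is pinned first, `!kEDH`
# has removed the DHE-* suites, and the rest of HIGH is AES/3DES in CBC mode.
SERVER_ORDER: List[str] = ["RC4-SHA", "AES256-SHA", "DES-CBC3-SHA", "AES128-SHA"]

# Constructed client hello: a browser that prefers AES-CBC and lists RC4 last.
CLIENT_ORDER: List[str] = ["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"]


if __name__ == "__main__":
    for prefer in (True, False):
        print("ssl_prefer_server_ciphers", "on " if prefer else "off",
              audit(SERVER_ORDER, "TLSv1", CLIENT_ORDER, prefer))
    # The same CBC suites stop being a BEAST problem once TLS 1.1+ is negotiated.
    print("same order on TLSv1.2:", audit(SERVER_ORDER, "TLSv1.2", CLIENT_ORDER, False))
```

Running it shows why the third directive in the posted config matters: with `ssl_prefer_server_ciphers on` the constructed client ends up on RC4-SHA (BEAST-safe, RC4-weak); with it off, the same client gets AES256-SHA on TLS 1.0, which is exactly the CBC combination BEAST targets. The last line shows the trade-off going away on TLS 1.2, where the CBC suites are no longer exposed to this attack.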