dpdt1
Post subject: [ssl] beast attack  Posted: 29.11.2011, 21:52



Joined: 2010-09-27
Posts: 48

i'm not really familiar with ssl and encryption technologies, but i have to watch out for security stuff since i look after a debian (stable) server. so since this is out for some time now
( http://security-tracker.debian.org/trac ... -2011-3389 )

and the only working solution against beast attack i found is this:

      Code:
ssl_protocols TLSv1;
ssl_ciphers RC4-SHA:HIGH:!kEDH;
ssl_prefer_server_ciphers on;


in vhost conf file (nginx example), tested with qualys ssl tester (https://www.ssllabs.com/ssldb/index.html).
problem in this scenario, from what i read, is that RC4 is considered pretty weak encryption. also tls 1.1 & tls 1.2 are not in debian yet -that would solve a lot of issues-.
as so, i'd like to ask for opinions/tips/experiences on this.

thanks,

_________________
# apt-get remove frontiers
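
An added example, not part of the original post: a small Python audit of the three nginx directives quoted above, reporting the trade-off the post describes (CBC suites under TLS 1.0 versus relying on RC4). The finding labels, the treatment of a missing directive as unsafe, and the first-token heuristic (cipher aliases such as HIGH are not expanded) are assumptions of this sketch.

```python
import re

LEGACY = {"SSLv3", "TLSv1"}  # protocol versions where CBC suites are exposed to BEAST

POST_CONF = """
ssl_protocols TLSv1;
ssl_ciphers RC4-SHA:HIGH:!kEDH;
ssl_prefer_server_ciphers on;
"""
# Constructed variants for comparison (not from the post).
NO_SERVER_PREF = "ssl_protocols TLSv1;\nssl_ciphers RC4-SHA:HIGH:!kEDH;\n"
MODERN = "ssl_protocols TLSv1.1 TLSv1.2;\nssl_ciphers HIGH:!RC4;\nssl_prefer_server_ciphers on;\n"

def parse_directives(conf):
    """Return {directive: [args]} for the ssl_* directives in an nginx snippet."""
    found = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(ssl_\w+)\s+([^;]+);", line)
        if m:
            found[m.group(1)] = m.group(2).split()
    return found

def enables_rc4(token):
    """True if a cipher-string token adds RC4 (not '!RC4' or '-RC4')."""
    return "RC4" in token and not token.startswith(("!", "-"))

def audit(conf):
    d = parse_directives(conf)
    # Assumption: an absent directive is treated as the unsafe case.
    protocols = set(d.get("ssl_protocols", ["SSLv3", "TLSv1"]))
    ciphers = d.get("ssl_ciphers", [""])[0].split(":")
    server_pref = d.get("ssl_prefer_server_ciphers", ["off"])[0] == "on"
    findings = []
    # Heuristic: RC4 listed first AND server order enforced means RC4-capable
    # clients never get a CBC suite; clients without RC4 still fall through to CBC.
    rc4_first = enables_rc4(ciphers[0])
    if protocols & LEGACY and not (rc4_first and server_pref):
        findings.append("cbc-preferred-on-legacy-protocol")
    if any(enables_rc4(c) for c in ciphers):
        findings.append("rc4-enabled")
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in [("post", POST_CONF), ("no-pref", NO_SERVER_PREF), ("modern", MODERN)]:
        print(name, audit(conf))
```
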
 
All times are GMT - 12 Hours