really drop SSLv2
Daniel J Blueman
daniel.blueman at gmail.com
Thu Aug 5 09:47:35 UTC 2010
On 4 August 2010 23:05, Kees Cook <kees at ubuntu.com> wrote:
> Hi Jim,
>
> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>> Why not kill the weak ciphers too?
>
> Sure! Can you send a patch for this?
If this is done, please reenable the 'none' cypher, so we can get
decent performance on slow/small systems where security isn't
important (eg on a trusted LAN). I believe Debian disabled this
previously, so I was using arcfour128, which is a 'weak' cipher.
I agree to removing weak ciphers and SSLv2 to ensure people don't get
a false sense of security, or use broken protocols.
Thanks,
Daniel
> Thanks!
>
> -Kees
>
>>
>> On Mon, Jul 19, 2010 at 6:09 PM, Eric Peters <eric at linuxsystems.net> wrote:
>>
>> > Like Scott said make it die! But I guarantee it's going to break something,
>> > what that something is the question.
>> >
>> > Cheers,
>> > Eric
>> >
>> >
>> > On Mon, Jul 19, 2010 at 3:06 PM, Kees Cook <kees at ubuntu.com> wrote:
>> >
>> >> Hi Laurent,
>> >>
>> >> On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:
>> >> > Le Mon, 19 Jul 2010 14:12:15 -0700,
>> >> > Kees Cook <kees at ubuntu.com> a écrit :
>> >> >
>> >> > > Thoughts?
>> >> >
>> >> > Shouldn't this be coordinated with Debian?
>> >>
>> >> Yes, if there isn't strong objection in Ubuntu, my next step would be to
>> >> propose it to Debian as well.
>> >>
>> >> -Kees
--
Daniel J Blueman
More information about the ubuntu-server
mailing list