really drop SSLv2

Daniel J Blueman daniel.blueman at gmail.com
Sun Aug 8 20:38:01 UTC 2010


On 5 August 2010 12:17, Jim Tarvid <tarvid at ls.net> wrote:
> On Wed, Aug 4, 2010 at 6:05 PM, Kees Cook <kees at ubuntu.com> wrote:
>>
>> Hi Jim,
>>
>> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>> > Why not kill the weak ciphers too?
>>
>> Sure! Can you send a patch for this?

> Many thoughts and caveats.
>
> Old browsers may not be able to negotiate SSLCipherSuite HIGH. I don't know
> and I don't care
> Only the most ancient browsers will not be able to negotiate TLSv1 or SSLv3.
> see #1

> Daniel J Blueman may want NULL (eNULL) instead of NONE

Good info, but no cigar:

$ ssh -o ciphers=NULL x1
command-line line 0: Bad SSH2 cipher spec 'NULL'.

I guess I should select it a different way? 'none' is a valid cipher
when enabled in the configure script.

Thanks,
  Daniel
-- 
Daniel J Blueman



