18 Nov
2014
18 Nov
'14
1:24 p.m.
Phil Mayers wrote:
Can I make a suggestion? Don't embed a suite list at all. Instead, comment the eap module with a link to a place, which should contain a *current* best-practice list.
Asking people to read docs is a bit much...
TLS is getting a lot of attention now. I think it's safe to assume one or more ciphers will become insecure, and any list you put into default configs, out of date.
Well, we can update then. The default should be secure as of the date the server ships.
(Also, that enormous cipher list is eye-bleedingly bad; hard to read, therefore hard to audit and manage; damn you straight to hades, OpenSSL)
For many, many, reasons. Alan DeKok.