[Bug 71304] prefer PFS cipher suites and TLS 1.2; optionally disable SSLv3, SSLv2

bugzilla-daemon at freedesktop.org
Wed Nov 6 05:58:19 PST 2013


https://bugs.freedesktop.org/show_bug.cgi?id=71304

--- Comment #1 from Simon McVittie <simon.mcvittie at collabora.co.uk> ---
Relatedly: Nikos Mavrogiannopoulos at GNUTLS thinks our GNUTLS preference
string is suspicious in general:

http://lists.gnutls.org/pipermail/gnutls-devel/2013-August/006440.html
http://lists.gnutls.org/pipermail/gnutls-devel/2013-August/006437.html

and writes:
> I'd suggest to use the uncompressed protocol by default
> and allowing an option for the user to enable TLS compression
> (in the case benefits outweigh the risks).
...
> I'd suggest to use the default "NORMAL" or "NORMAL:%COMPAT"
> option, and allow alternatives by user options. The normal
> priority string will always contain conservative security
> options suitable for generic usage (and will be updated as
> security threats change).  By using a custom priority string
> you take the responsibility of such updates.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
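
The advice quoted in this comment, written as a check. This is an added example, not part of the original message and not Telepathy or GnuTLS code. It lints a GnuTLS priority string for departures from "NORMAL" / "NORMAL:%COMPAT", for explicitly enabled TLS compression, and for explicitly enabled SSLv3 (the protocol named in the bug title). The function name, finding codes and sample strings are assumptions constructed for illustration.

```python
# Added example: lint a GnuTLS priority string against the quoted advice.
# Finding codes are this example's own labels, not GnuTLS terminology.
# It only looks at what the string states explicitly; it does not expand
# what a base keyword such as NORMAL enables in a given GnuTLS version.

def audit_priority(prio):
    """Return a sorted list of finding codes for a GnuTLS priority string."""
    tokens = [t.strip() for t in prio.split(":") if t.strip()]
    findings = set()
    # The quoted advice: start from the library-maintained NORMAL set.
    if not tokens or tokens[0].upper() != "NORMAL":
        findings.add("base-not-NORMAL")
    enabled = set()  # items switched on with '+' and not removed later
    for tok in tokens:
        op, name = tok[0], tok[1:].upper()
        if op == "+":
            enabled.add(name)
            findings.add("custom-override")  # caller now owns updates
        elif op in "-!":
            # "-COMP-ALL" style catch-alls remove every item of that class
            prefix = name[:-3] if name.endswith("-ALL") else None
            enabled = {n for n in enabled
                       if n != name and not (prefix and n.startswith(prefix))}
            findings.add("custom-override")
        # '%' options such as %COMPAT are flags, not algorithm overrides
    if any(n.startswith("COMP-") and n != "COMP-NULL" for n in enabled):
        findings.add("tls-compression-enabled")
    if "VERS-SSL3.0" in enabled:
        findings.add("sslv3-enabled")
    return sorted(findings)

SAMPLES = [  # constructed inputs, not taken from any project
    "NORMAL",
    "NORMAL:%COMPAT",
    "NORMAL:%COMPAT:+COMP-DEFLATE",
    "NORMAL:+COMP-DEFLATE:-COMP-ALL",
    "SECURE128:+VERS-SSL3.0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_priority(s) or "ok")
```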

