forked from EFForg/duraconf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
17 lines (13 loc) · 589 Bytes
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
It would be useful to have cipher hardened SSL/TLS configurations for:
varnish
stunnel
ejabberd
MTAs (postfix, exim, etc.)
IPSec
imap/pop (courier/dovecot)
other starttls services
openssh
This is probably the optimal cipher suite for most modern sites:
'ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:AES256-SHA:DES-CBC3-SHA'
It would also be useful to have code samples that ensure using popular SSL/TLS
libraries is safe, when possible.