[jdev] Securing XMPP
dave at cridland.net
Fri Sep 6 20:24:39 UTC 2013
On Fri, Sep 6, 2013 at 7:16 PM, Thijs Alkemade <thijs at xnyhps.nl> wrote:
> However, a large number of clients do not prioritize (EC)DHE above the non-
> ephemeral variants. To enforce that these are used, it is therefore
> to either disable all non-ephemeral suites or configure the server to
> the client's order with the server's order.
I may be talking rubbish, but shouldn't the server be overriding the
client's order by default anyway?

In other news, there's a lengthy discussion on use of ADH and
unauthenticated TLS in general - we've previously considered this largely
worthless, but using it forces an outside agency trying to "dragnet" to
MITM every connection, which raises significant overhead.
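
An added example, not part of the original thread: a small Python model of how the choice of whose cipher order wins changes the negotiated suite, followed by a server context that applies both options from the quoted advice. The preference lists are constructed sample data, and `negotiate`, `is_ephemeral` and `hardened_server_context` are hypothetical helper names.

```python
import ssl

# Constructed sample data: the suite names are real OpenSSL names, but the
# preference orders are made up for illustration.
CLIENT_ORDER = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA"]
SERVER_ORDER = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA"]


def is_ephemeral(suite):
    """True for authenticated (EC)DHE key exchange, i.e. forward-secret suites."""
    return suite.startswith(("ECDHE-", "DHE-"))


def negotiate(client_order, server_order, server_preference):
    """Return the first mutually supported suite in the winning side's order."""
    if server_preference:
        primary, other = server_order, client_order
    else:
        primary, other = client_order, server_order
    for suite in primary:
        if suite in other:
            return suite
    return None  # no common suite: the handshake would fail


def hardened_server_context():
    """Server-side context with server cipher order and only (EC)DHE suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Server's order overrides the client's order.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    # Disable non-ephemeral suites (this string governs TLS 1.2 and below).
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM")
    return ctx


if __name__ == "__main__":
    print("client order wins:", negotiate(CLIENT_ORDER, SERVER_ORDER, False))
    print("server order wins:", negotiate(CLIENT_ORDER, SERVER_ORDER, True))
    only_pfs = [s for s in SERVER_ORDER if is_ephemeral(s)]
    print("ephemeral-only server:", negotiate(CLIENT_ORDER, only_pfs, False))
    ctx = hardened_server_context()
    print("server preference set:",
          bool(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE))
```

Either measure alone moves this sample client onto an ECDHE suite; a client that offers no ephemeral suite at all fails the handshake against the ephemeral-only server.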