[Operators] Please enable Forward Secrecy for your servers!

David Mohr damailings at mcbf.net
Mon Jul 27 17:22:15 UTC 2015


I second this a little bit.

In my case I need to upgrade from Debian wheezy to jessie to get PFS, so 
there is more work involved. And I'd expect a decent number of servers 
to be in the same situation. Jessie came out in April, so it's not brand 
new. But it is still fairly recent and you can't just expect everyone to 
have upgraded already.

On the other hand, there will never be a perfect time to make such a 
switch and I do appreciate the push for more security.

~David

On 2015-07-27 07:46, Eric Koldeweij wrote:
> Yes, my server would be one of those who cannot reach jabber.ccc.de any 
> more.
> I did not get around to turning it on yet, I need a software upgrade 
> for that.
> 
> I understand the need for extra security but enforcing it right away
> without giving fellow operators time to upgrade as well will only hurt
> the community. I thought I had until end of September for this.
> 
> Not happy.
> 
> Eric.
> 
> On 07/27/15 15:07, Peter Schwindt wrote:
>> Hi Mike,
>> 
>> On 07/10/2015 01:11 PM, Mike Barnes wrote:
>> 
>>> Do you have any details on which client software and versions you've
>>> tested, Mathias? I've been looking at doing this but I've been more
>>> concerned about the client experience than s2s issues.
>> At jabber.ccc.de, I had (forcing Forward Secrecy for a week now) not a
>> single person experiencing (and messaging me about it) client issues.
>> 
>> But, and that's quite a lot more than Mathias observed, we're missing
>> about 1/3 of all the S2S connections.
>> 
>> Best,
>> Peter

