[Operators] Please enable Forward Secrecy for your servers!

Mathias Ertl mati at fsinf.at
Mon Oct 5 15:43:42 UTC 2015


On Mon, Oct 05, 2015 at 09:45:11AM -0500, Sam Whited wrote:
> This all seems perfectly reasonable to me; if you don't have PFS
> enabled ciphers, I don't understand why you'd expect to be able to be
> part of the network these days.

I completely agree. Support for PFS ciphers is not something brand new or
something. At least for Debian/Ubuntu systems, if you don't support PFS,
you just have a completely outdated system. 

If connectivity to some server breaks because of this, it's that servers
operators server fault, not mine. 

Oh, and btw: This is a small issue. There aren't many servers affected by
this. Almost all of them are small servers for individual users or a clique
or something.

greeting, Mati

I only read plain text mail! I prefer pgp|gpg signed & encrypted mails!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20151005/0c01d685/attachment.sig>

More information about the Operators mailing list