[Operators] Please enable Forward Secrecy for your servers!
zash at zash.se
Sat Sep 12 19:33:27 UTC 2015
At the last summit in Brussels, at some point, the issue came up of how
reporting errors from TLS cipher mismatches is kinda horrible. So the
idea of allowing a more liberal set of ciphers but throwing a
<stream:error> at the application level came up and I wrote a
proof-of-concept plugin for Prosody doing just this.

It will basically run a pattern match on the cipher string and, if it
does not match, close the connection with:

<text>TLS cipher 'RC4-MD5' not acceptable</text>

Kim "Zash" Alvefur
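
The check described in the message above, sketched in Python as an added example; it is not the Prosody plugin's code and not part of the original post. The forward-secrecy pattern, the weak-token list and the `policy-violation` condition are assumptions, since the post shows only the `<text/>` line.

```python
import re
from xml.sax.saxutils import escape

# Assumed policy, not taken from the post: OpenSSL-style suite names must
# start with an ephemeral key exchange (TLS 1.3 "TLS_*" suites always use one).
FORWARD_SECRET = re.compile(r"^(?:ECDHE|DHE)-|^TLS_")
# Assumed deny-list of name tokens for primitives that are weak regardless
# of key exchange, e.g. ECDHE-RSA-RC4-SHA or ECDHE-RSA-DES-CBC3-SHA.
WEAK_TOKENS = {"RC4", "MD5", "DES", "NULL", "EXP"}
STREAMS_NS = "urn:ietf:params:xml:ns:xmpp-streams"  # RFC 6120 stream errors


def cipher_acceptable(name: str) -> bool:
    tokens = set(re.split(r"[-_]", name.upper()))
    return bool(FORWARD_SECRET.match(name)) and not (tokens & WEAK_TOKENS)


def stream_error_for(cipher: str):
    """Return the XML to send before closing, or None if the cipher passes."""
    if cipher_acceptable(cipher):
        return None
    text = escape(f"TLS cipher '{cipher}' not acceptable")
    return (
        "<stream:error>"
        f"<policy-violation xmlns='{STREAMS_NS}'/>"  # assumed condition
        f"<text xmlns='{STREAMS_NS}'>{text}</text>"
        "</stream:error></stream:stream>"
    )


def audit(negotiated):
    """Map each negotiated cipher name to its rejection XML (None = allowed)."""
    return {c: stream_error_for(c) for c in negotiated}


if __name__ == "__main__":
    # Constructed sample of negotiated suites, as ssl.SSLSocket.cipher()[0]
    # would report them after the handshake.
    sample = ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-MD5", "AES128-SHA",
              "ECDHE-RSA-RC4-SHA", "TLS_AES_256_GCM_SHA384"]
    for name, err in audit(sample).items():
        print(f"{name:30} {'ok' if err is None else err}")
```

Because the handshake itself succeeds, the peer receives a readable reason over the stream instead of an opaque TLS alert, which is the reporting improvement the message is after.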