[enh] ECDH Curves #454
[enh] ECDH Curves #454
Conversation
| @@ -19,6 +19,7 @@ server { | |||
| ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem; | |||
| ssl_session_timeout 5m; | |||
| ssl_session_cache shared:SSL:50m; | |||
| ssl_ecdh_curve secp521r1:secp384r1:prime256v1; | |||
There was a problem hiding this comment.
Uh could you elaborate on where those come from ? For instance for the ciphers we cite the mozilla source which is kinda trustable, since all those things are touchy security stuff...
Also how do you know this related to the DH params ? Does that mean we don't need the ssl_dhparam thingy at all ? Or are those DH params but only for eliptic curve ciphers ?
There was a problem hiding this comment.
Just read this : https://wiki.mozilla.org/Security/Server_Side_TLS ;-)
There was a problem hiding this comment.
It was just to change the description from just "security problem"...
There was a problem hiding this comment.
It's not cyphers btw....
There was a problem hiding this comment.
Alrighty, I just moved the instructions right next to the other cipher-related things, since that's the same reference ;)
There was a problem hiding this comment.
euh... but these are the same ecdh crurves for the two... modern or intermediate... so I thought/think it's better to set it at the top. like this the final user will be completely lost and perhaps not enable this.
|
I need test on jessie server for the X25519 curve. |
|
I don't think the X25519 works on Jessie. Can someone just add this line on his/her server just to check. It won't break installation for information. |
|
ok, it's ok now. |
The problem
Solution
PR Status
How to test
Validation