diff options
| author | Julien Vehent <julien@linuxwall.info> | 2015-05-27 04:56:11 -0400 |
|---|---|---|
| committer | Julien Vehent <julien@linuxwall.info> | 2015-05-27 04:56:11 -0400 |
| commit | 1e86c017b87a1063ab4f1b228c69fda11972e35f (patch) | |
| tree | 016ffce6d33bd7117b18cf4d619aac809e75e26a | |
| parent | 6e348b8f320175e96df94e974ee3f3fdf5a07209 (diff) | |
| download | server-side-tls-1e86c017b87a1063ab4f1b228c69fda11972e35f.zip server-side-tls-1e86c017b87a1063ab4f1b228c69fda11972e35f.tar.gz server-side-tls-1e86c017b87a1063ab4f1b228c69fda11972e35f.tar.bz2 | |
add note about 2048 DHE in intermediate ciphersuite
| -rw-r--r-- | Server_Side_TLS.mediawiki | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Server_Side_TLS.mediawiki b/Server_Side_TLS.mediawiki index da01ee0..817ce48 100644 --- a/Server_Side_TLS.mediawiki +++ b/Server_Side_TLS.mediawiki @@ -73,7 +73,7 @@ For services that don't need compatibility with legacy clients (mostly WinXP), b * Ciphersuite: '''ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA''' * Versions: '''TLSv1, TLSv1.1, TLSv1.2''' * RSA key size: '''2048''' -* DH Parameter size: '''1024''' +* DH Parameter size: '''1024''' (prefer 2048 if java support is not needed) * Elliptic curves: '''secp256r1, secp384r1, secp521r1''' (at a minimum) * Certificate signature: '''SHA-256''' |