shibboleth-dev - cipher suites
- From: Ian Young
- Subject: cipher suites
- Date: Tue, 10 Jul 2007 18:06:50 +0100
- Openpgp: id=EA2882BB

I just ran down a problem which turned out to be related to choice of
OpenSSL cipher suites in a particular circumstance. This reminded me
that I've had understanding cipher suites on my to-do list for some
time. So, I went back and looked at the Apache SSL configuration
examples on the Shibboleth wiki.

These look like this:

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

I'm curious as to where this recommendation came from, as it differs in
only one respect from the default setting:

    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

The difference (!EXPORT56) excludes some weak "exportable" ciphers with
56-bit key sizes. I can see why one might want to do that, but not why
one would want to do that but *not* exclude the even weaker "exportable"
ciphers with 40-bit key sizes.

I also have to say I'm a bit dubious about SSLv2 in general, but that's
a separate question.

Anyone remember what is going on here?

-- Ian
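
The difference between the two strings quoted in the message, worked through as an added example (not part of the original message or of the Shibboleth wiki): a simplified Python model of OpenSSL's cipher-string operators, run over a constructed mini-catalogue. The catalogue, its tags and the function names are assumptions made for illustration.

```python
# Added illustration: simplified model of OpenSSL cipher-string operators.
# CATALOGUE is constructed: a few historical suite names with simplified tags,
# not the full OpenSSL list.
CATALOGUE = {
    "AES256-SHA":      {"HIGH", "RSA", "SSLv3"},
    "RC4-SHA":         {"MEDIUM", "RC4", "RSA", "SSLv3"},
    "DES-CBC3-MD5":    {"HIGH", "RSA", "SSLv2"},
    "DES-CBC-SHA":     {"LOW", "RSA", "SSLv3"},
    "EXP1024-RC4-SHA": {"EXP", "EXPORT56", "RC4", "RSA", "SSLv3"},
    "EXP-RC4-MD5":     {"EXP", "EXPORT40", "RC4", "RSA", "SSLv3"},
    "EXP-DES-CBC-SHA": {"EXP", "EXPORT40", "RSA", "SSLv3"},
    "ADH-AES256-SHA":  {"HIGH", "ADH", "SSLv3"},
}
WEAK = {"EXPORT40", "EXPORT56", "LOW", "SSLv2", "ADH"}

WIKI = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
DEFAULT = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"

def matches(term):
    """Suites carrying every tag in an 'A+B' term; ALL matches every suite."""
    want = set(term.split("+")) - {"ALL"}
    return [n for n, tags in CATALOGUE.items() if want <= tags]

def evaluate(cipher_string):
    """Return the enabled suites, in preference order."""
    active, killed = [], set()
    for item in filter(None, cipher_string.split(":")):
        op = item[0] if item[0] in "!-+" else ""
        hits = matches(item[len(op):])
        if op == "!":      # permanent removal; later terms cannot re-add
            killed.update(hits)
            active = [n for n in active if n not in hits]
        elif op == "-":    # removal that a later term may undo
            active = [n for n in active if n not in hits]
        elif op == "+":    # reorder only: move enabled matches to the end
            active = ([n for n in active if n not in hits]
                      + [n for n in active if n in hits])
        else:              # plain term: append matches not yet enabled
            active += [n for n in hits if n not in active and n not in killed]
    return active

def weak_enabled(cipher_string):
    """Map each enabled suite to the weak tags it carries."""
    return {n: sorted(CATALOGUE[n] & WEAK)
            for n in evaluate(cipher_string) if CATALOGUE[n] & WEAK}

if __name__ == "__main__":
    for label, s in (("wiki", WIKI), ("default", DEFAULT)):
        print(label, weak_enabled(s))
```

On a real host, `openssl ciphers -v '<string>'` lists what the installed library actually enables for a given string.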