Giter Site home page Giter Site logo

Comments (3)

noxxi avatar noxxi commented on July 30, 2024

Hi,

I've updated the default ciphers in IO::Socket::SSL version 2.026 based on what current browsers do and based on the recommendations of Mozilla. This also includes support for ECDHE-RSA-AES128-GCM-SHA256 now.

Apart from that I find the very restricted configuration of www.tiremoni.com questionable: they offer only a very few (4) ciphers (why?) but among these are ciphers which combine GCM with DHE even though all clients which can do GCM can do the much better ECDHE too. On top of that they use a weak DH key. Thus I don't think that somebody actually knew what (s)he was doing when setting up this site and in this case one should expect problems with non-standard clients.

from p5-io-socket-ssl.

brewt avatar brewt commented on July 30, 2024

I have several sample hosts are using the same cipher suites. It's a bit strange that they all happen to be from different German web hosts, but they're all running nginx. Perhaps this is a common nginx configuration?

from p5-io-socket-ssl.

noxxi avatar noxxi commented on July 30, 2024

Perhaps this is a common nginx configuration?

I doubt that. But people tend to copy errors from others because they don't really understand the issues themselves.

A typical error is trying to disable SSL 3.0 not by setting the protocol (i.e. ssl_protocols) but by disabling all SSLv3 ciphers. Unfortunately this includes also all the ciphers used with TLS 1.0 and TLS 1.1 and most of the ciphers used with TLS 1.2 and leaves only the ciphers which were newly introduced with TLS 1.2.

from p5-io-socket-ssl.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.