[Pkg-haproxy-maintainers] SSL ciphers

Vincent Bernat bernat at debian.org
Tue Feb 24 08:44:15 UTC 2015


 ❦ 24 février 2015 10:30 +0200, Apollon Oikonomopoulos <apoikos at debian.org> :

>> I noticed that we are still putting RC4 in the default configuration of
>> HAProxy. Should we just remove it or update the list of ciphers to
>> something else? Should we seek for an upload exception for freeze?
>> 
>> I think yes for both but I am not up-to-date with the state of the art
>> for TLS cipher suites.
>
> Yes for both, but let's have a look on the cipher list first.

I would go for the Mozilla one but I find it excessively long (and some
exceptions at the end are odd). I have asked them why handling ECDSA/DSS
certificates but they told me that it's 8% of issued certificates.
-- 
The only way to keep your health is to eat what you don't want, drink what
you don't like, and do what you'd rather not.
		-- Mark Twain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-haproxy-maintainers/attachments/20150224/55d2c2e1/attachment.sig>


More information about the Pkg-haproxy-maintainers mailing list