[Freeipa-devel] [PATCH 0030] Modernize mod_nss's cipher suites
Christian Heimes
cheimes at redhat.com
Fri Feb 12 11:34:34 UTC 2016
On 2016-02-11 14:43, Martin Kosek wrote:
>> Pushed to:
>> master: 5ac3a3cee534a16db86c541b9beff4939f03410e
>> ipa-4-3: c3496a4a4893c75789bdf0c617e46923361fb43b
>>
>
> Very cool! Thanks guys! Looking forward to deploying FreeIPA 4.3.1 on the
> FreeIPA public demo :-)
I have to change the cipher list again in the near future. During
DevConf.CZ Bob pointed out some issues with key sizes in post quantum
crypto world [1]. Rob and I are working on a patch for mod_nss for
finite field ephemeral DH key exchange. Once the patch has landed, I'll
update the cipher list to support also kDHE.
Christian
[1]
https://devconfcz2016.sched.org/event/5m21/post-quantum-crypo-what-is-it-and-do-we-need-it
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160212/14d3eaa9/attachment.sig>
More information about the Freeipa-devel
mailing list