[Freeipa-devel] [PATCH 0030] Modernize mod_nss's cipher suites
Martin Kosek
mkosek at redhat.com
Fri Jan 22 11:32:19 UTC 2016
On 01/21/2016 04:21 PM, Christian Heimes wrote:
> The list of supported TLS cipher suites in /etc/httpd/conf.d/nss.conf
> has been modernized. Insecure or less secure algorithms such as RC4,
> DES and 3DES are removed. Perfect forward secrecy suites with ephemeral
> ECDH key exchange have been added. IE 8 on Windows XP is no longer
> supported.
>
> The list of enabled cipher suites has been generated with the script
> contrib/nssciphersuite/nssciphersuite.py.
>
> The supported suites are currently:
>
> TLS_RSA_WITH_AES_128_CBC_SHA256
> TLS_RSA_WITH_AES_256_CBC_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> TLS_RSA_WITH_AES_128_GCM_SHA256
> TLS_RSA_WITH_AES_128_CBC_SHA
> TLS_RSA_WITH_AES_256_GCM_SHA384
> TLS_RSA_WITH_AES_256_CBC_SHA
>
> https://fedorahosted.org/freeipa/ticket/5589
Thanks for the patch! I updated the ticket to make sure this change is release
notes.
More information about the Freeipa-devel
mailing list