[Remops] cipher suite

richard at quicksilvermail.net
Sun Nov 23 19:17:23 GMT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Elvis,

On Sun, 23 Nov 2014 02:24:31 +0000, you wrote:
>
> > Back in 2011, after some discussion in the group:
>
> > >https://groups.google.com/forum/?hl=en&hl=en#!searchin/alt.privacy.anon-server/%22ALL$3A!ADH$3ARC4$2BRSA$3A$2BSSLv2$3A@STRENGTH%22/alt.privacy.anon-server/F75sYqrKZ24/khgoznakw3sJ
>
> > I chose this cipher suite for QSL and QSA:
> > ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
> > I'm wondering if I need to change this since I'm disabling SSLv2 and
> > SSLv3. Now the SSL components will only use TLS.
>
>
> How about this?
>
> openssl ciphers -v 'ALL:!ADH:!MD5:!SSLv3:+TLSv1.2:@STRENGTH'
>
> ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
> ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
> ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
> ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
> DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
> DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
> DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
> ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
> ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
> ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
> ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
> AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
> AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
> ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
> DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
> DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
> DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
> DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
> ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
> ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
> ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
> ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
> AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
> AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256

This looks to me like exactly what I'm looking for!

I'd never have gotten that alone.

Thanks so much,

Richard

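An added example, not part of either message: a POSIX shell check that sorts `openssl ciphers -v` output by its `Kx=` field, so the suites in the quoted list that lack forward secrecy (plain `Kx=RSA`, and fixed `Kx=ECDH/RSA` or `Kx=ECDH/ECDSA`) stand out from the ephemeral ECDHE/DHE ones. The function names are hypothetical, and the sample is six lines copied from the quoted output.

```shell
#!/bin/sh
# Added example: classify `openssl ciphers -v` output by key exchange.

# Sample input: six lines copied from the quoted output in the message above.
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
EOF
}

# Read `openssl ciphers -v` lines on stdin; print "<class> <suite>" per line.
classify_kx() {
  awk '
    NF < 3 { next }                        # skip blank or malformed lines
    {
      kx = ""
      for (i = 2; i <= NF; i++)            # locate the Kx= column
        if ($i ~ /^Kx=/) kx = substr($i, 4)
      if (kx == "ECDH" || kx == "DH")      cls = "ephemeral"      # ECDHE / DHE
      else if (kx == "RSA")                cls = "rsa-transport"  # RSA key transport
      else if (kx ~ /^(ECDH|DH)\//)        cls = "static-dh"      # fixed (EC)DH key
      else                                 cls = "other"
      print cls, $1
    }'
}

# Suites whose session keys depend on a long-term key (no forward secrecy).
no_forward_secrecy() {
  classify_kx | awk '$1 == "rsa-transport" || $1 == "static-dh" { print $2 }'
}

# Runs against the sample. To audit a local OpenSSL build instead:
#   openssl ciphers -v 'ALL:!ADH:!MD5:!SSLv3:+TLSv1.2:@STRENGTH' | no_forward_secrecy
sample_ciphers | no_forward_secrecy
```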

