Message149857
| Author |
naif |
| Recipients |
gregory.p.smith, naif, pitrou |
| Date |
2011年12月19日.13:03:08 |
| SpamBayes Score |
6.9920705e-09 |
| Marked as misclassified |
No |
| Message-id |
<1324299789.65.0.701910827139.issue13636@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Yes, i can do the test for the ordered set of ciphers with all the patches in-place, can build a custom python 3.2 with the patch applied.
I would suggest to try to keep ECC/ECDH/ECDHE enabled, conceptually we would like to have ECDHE as the first ciphers because it's the most modern, performance and secure.
For DH, you say that it require some file, but looking at mod_ssl Changelog it say:
The reason was that mod_ssl's temporary RSA keys and DH parameters
were stored in the persistent memory pool directly as OpenSSL's
RSA and DH structures.
I mean, when i install Apache with SSL, from the system administrator point of view, i never have to create a file somewhere in order to have that ciphers.
Maybe also DH/EDH stuff can be done "in memory"? |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2011年12月19日 13:03:09 | naif | set | recipients:
+ naif, gregory.p.smith, pitrou |
| 2011年12月19日 13:03:09 | naif | set | messageid: <1324299789.65.0.701910827139.issue13636@psf.upfronthosting.co.za> |
| 2011年12月19日 13:03:09 | naif | link | issue13636 messages |
| 2011年12月19日 13:03:08 | naif | create |
|