>>>>> "MK" == Marko Kreen <markokr@gmail.com> writes:
>>>>> "PE" == Peter Eisentraut <peter_e@gmx.net> writes:
MK>> Well, we should - the DEFAULT is clearly a client-side default
MK>> for compatibility only. No server should ever run with it.
PE> Any other opinions on this out there?
For reference, see:
https://wiki.mozilla.org/Security/Server_Side_TLS
for the currently suggested suite for TLS servers.
That is:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:
ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:
AES128:AES256:RC4-SHA:HIGH:
!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
The page explains why.
But for pgsql, I'd leave off the !PSK; pre-shared keys may prove useful
for some. And RC4, perhaps, also should be !ed.
And if anyone wants Kerberos tls-authentication, one could add
KRB5-DES-CBC3-SHA, but that is ssl3-only.
Once salsa20-poly1305 lands in openssl, that should be added to the
start of the list.
-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 1024D/ED7DAEA6