OpenSSL and Heimdal
Matt Dawson
matt at chronos.org.uk
Wed May 2 22:02:39 UTC 2012
On Wednesday 02 May 2012 13:44:14 Volodymyr Kostyrko wrote:
> And will we ever support TLS v1.[12]? BEAST attack
> seems to be not so far from most of us

mod_gnutls in ports. Setup is simple for Apache. Prefer the RC4 cipher
which secures SSLv3 against BEAST. This setup on my own HTTPS servers
passes Qualys' own tests with an A rating of 87 and tells me BEAST is
mitigated, although the thing still gives me an error on session
resumption which I know damned well works. It's all there for server
side in ports.

TLSv1.[1|2] is pretty pointless right now as only IE supports it in
any meaningful way and even that is disabled OOB. Setting RC4 as the
preferred cipher is about the best you can do right now.

--
Matt Dawson
GW0VNR
MTD15-RIPE
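
An added example, not part of the original message: a Python model of the trade-off the post describes, showing which suite is negotiated when the server prefers RC4 and whether the result is a CBC suite on SSLv3/TLS 1.0, the combination BEAST targets. The client offers and the function names are constructed for illustration.

```python
# Added example: server-preference cipher selection and BEAST exposure.
# Suite names are the standard TLS names; the client offers are constructed.
# It models only BEAST (CBC with chained IVs in SSLv3/TLS 1.0). RC4 itself
# was later prohibited for TLS by RFC 7465 (2015).

BEAST_VERSIONS = {"SSLv3", "TLSv1.0"}

SERVER_PREF = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

# (label, negotiated protocol version, suites in the client's own order)
CLIENTS = [
    ("tls10-offers-rc4", "TLSv1.0",
     ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"]),
    ("tls10-cbc-only", "TLSv1.0", ["TLS_RSA_WITH_AES_128_CBC_SHA"]),
    ("tls12-cbc-only", "TLSv1.2", ["TLS_RSA_WITH_AES_128_CBC_SHA"]),
    ("no-overlap", "TLSv1.0", ["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"]),
]


def negotiate(server_pref, client_offer, honor_server_order=True):
    """Pick the first mutually supported suite; None means handshake failure."""
    first, second = ((server_pref, client_offer) if honor_server_order
                     else (client_offer, server_pref))
    return next((s for s in first if s in second), None)


def beast_exposed(version, suite):
    """BEAST needs a CBC suite on a protocol that chains IVs across records."""
    return suite is not None and "_CBC_" in suite and version in BEAST_VERSIONS


def audit(server_pref, clients, honor_server_order=True):
    """Return {label: (suite, exposed)} for every constructed client."""
    report = {}
    for label, version, offer in clients:
        suite = negotiate(server_pref, offer, honor_server_order)
        report[label] = (suite, beast_exposed(version, suite))
    return report


if __name__ == "__main__":
    for order in (True, False):
        print("server order honoured:", order)
        for label, (suite, exposed) in audit(SERVER_PREF, CLIENTS, order).items():
            print(f"  {label:18} {suite}  BEAST-exposed={exposed}")
```

The second pass, with the server's order not honoured, shows why the preference has to be enforced by the server: the same TLS 1.0 client then lands on its own first choice, a CBC suite.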