❦ 21 February 2015 10:49 +0100, Kurt Roeckx <[email protected]>:

>> > Please note that RC4 in the default configuration should never be
>> > negotiated by modern clients and servers. The problem is
>> > administrators who think they know better changed something not to
>> > use the defaults. If we adjust the defaults it's not going to fix
>> > anything.
>>
>> Many administrators don't use the defaults because the defaults are most
>> of the time inappropriate for a web server. At some time, RC4 was widely
>> advertised as the preferred cipher because it was immune to BEAST and
>> supported by all browsers from IE6.
>
> The defaults are good enough, as long as you don't really care
> about PFS because IE doesn't have those at the top of its list.
> If you just change it to prefer the default server ordering you
> should already have a decent list, but it prefers AES256 over
> AES128 while there is no need for that.

PFS, performance and an A+ note on the Qualys SSL test. This may be a bit less
true today since most browsers are now supporting ECDHE ciphers but it
still holds, I think.
--
Must I hold a candle to my shames?
-- William Shakespeare, "The Merchant of Venice"

