Em 09-04-2014 05:02, nobody escreveu: > Perfect Forward Secrecy by default? Is it on in OpenBSD? I use httpd and with the default configuration it uses PFS by default, if you just enable ssl and setup the cert and key. But it allows any cipher, so an old browser or a client that does not support it, will still be able to connect. You can deny it though. I don't know about the default nginx configuration, but I assume it will be along the same lines.
-- Giancarlo Razzolini GPG: 4096R/77B981BC
