On Wed, Jan 11, 2017 at 03:51:40PM +0100, Fabian Grünbichler wrote: > the old one is woefully inadequate and no longer supported > by the most recent OpenSSL version. > > I'd like to change this quickly now, and make it configurable > via /etc/default/pveproxy or datacenter.cfg later on (so that > people that know which cipher suites offer the right security > vs. performance tradeoff for their machines can choose on > their own, just like for the web interface). > > MEDIUM under Jessie's Openssl includes 3DES and friends, so > that one is IMHO not a good choice, so the only two alternatives > are either HIGH (as in the patches) or a long manually curated > cipher suite string which we need to maintain (or we could just > follow one like bettercrypto.org's compatibility one..).
_______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
