On 16/06/15 23:17, Jan Just Keijser wrote:
> [...]
> By using 'auth sha512' you could end up making the data channel more
> securely hashed/signed (and a lot slower) than the control channel,
> which does add a lot of extra security.
which does **NOT** add a lot of security
-
On 16-06-15 23:17, Jan Just Keijser wrote:
> On 16/06/15 16:40, Ralf Hildebrandt wrote:
> I'd recommend
>
> cipher AES-256-CBC
> auth SHA256
Agreed.
> The main reason to use AES-256 is if you're using machines that are
> optimized for AES (e.g. AES-NI capable CPUs). AES-256 is faster than
> Blo
Hi Ralf,
On 16/06/15 16:40, Ralf Hildebrandt wrote:
> Are there currently recommendations for the ciphers when dealing with
> clients >= 2.3.6 (Cross-platform; Windows, Mac OS X, Linux)?
>
> I've seen:
>
> cipher AES-256-CBC
> keysize 256
> auth SHA256
>
> and:
>
> cipher AES-256-CBC
> auth SHA512
Are there currently recommendations for the ciphers when dealing with
clients >= 2.3.6 (Cross-platform; Windows, Mac OS X, Linux)?

I've seen:

cipher AES-256-CBC
keysize 256
auth SHA256

and:

cipher AES-256-CBC
auth SHA512
tls-cipher DHE-RSA-AES256-SHA
--
Ralf Hildebrandt Char
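
Added example, not part of any message in this thread: a small Python check for the mismatch Jan describes, where the data-channel `auth` digest is larger than the record MAC of the control-channel `tls-cipher` suite. The function names and the simplified comment handling are assumptions of this sketch; the sample input is the second configuration quoted above.

```python
import re

# HMAC output sizes in bits, keyed by the names used in `auth` and in suite names.
DIGEST_BITS = {"SHA": 160, "SHA1": 160, "SHA256": 256, "SHA384": 384, "SHA512": 512}

def parse_directives(text):
    """Map each directive to its arguments; '#' and ';' start a comment (simplified)."""
    opts = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if line:
            opts[line[0].lstrip("-").lower()] = line[1:]
    return opts

def record_mac_bits(suite):
    """Record MAC size of a TLS suite name, or None for AEAD or unknown suites."""
    parts = suite.upper().split("-")
    if "GCM" in parts:
        return None  # AEAD: the trailing hash names the PRF, not a record MAC
    return DIGEST_BITS.get(parts[-1])

def audit(text):
    """Return (suite, mac_bits, auth, auth_bits) for each suite weaker than `auth`."""
    opts = parse_directives(text)
    auth = (opts.get("auth") or ["SHA1"])[0].upper()  # OpenVPN's default is SHA1
    auth_bits = DIGEST_BITS.get(auth)
    suites = (opts.get("tls-cipher") or [""])[0].split(":")
    findings = []
    for suite in filter(None, suites):
        mac_bits = record_mac_bits(suite)
        if auth_bits and mac_bits and auth_bits > mac_bits:
            findings.append((suite, mac_bits, auth, auth_bits))
    return findings

# Second configuration quoted in the thread.
SAMPLE = """cipher AES-256-CBC
auth SHA512
tls-cipher DHE-RSA-AES256-SHA
"""

if __name__ == "__main__":
    for suite, mac, auth, bits in audit(SAMPLE):
        print(f"auth {auth} ({bits}-bit HMAC) exceeds {suite} ({mac}-bit record MAC)")
```

A config without `tls-cipher` produces no findings, because the control-channel suite is then negotiated and cannot be read from the file.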