Re: [RFC] Improved TLS Defaults
Great! The default cipher list is really the main thing I want to flesh out
during the discussion process. You also won't hear me claim to be an
"expert" (whatever that entails).
I think having the community as a whole decide what's right for PHP is the
best course of action here. Any feedback on these points is appreciated
(especially feedback that comes with concrete references).
On Tue, Jan 28, 2014 at 5:00 PM, Robert Stoll <[email protected]> wrote:
> Hey Daniel
>
> > -----Original Message-----
> > From: Daniel Lowrey [mailto:[email protected]]
> > Sent: Tuesday, January 28, 2014 10:51 PM
> > To: [email protected]
> > Subject: [PHP-DEV] [RFC] Improved TLS Defaults
> >
> > Hello, internals!
> >
> > I've created a new RFC to discuss improving default TLS encryption settings:
> >
> > https://wiki.php.net/rfc/improved-tls-defaults
> >
> > This RFC complements the previously accepted TLS Peer Verification RFC.
> >
> > I've proposed these (relatively straight-forward) changes in RFC form
> > because there does exist the potential for minimal BC breakage. I see this
> > breakage as a good thing because it enhances security, however everyone may
> > not share this view.
> >
> > Thanks in advance for your participation.
>
> I am not a security expert but I read (somewhere, don't ask me where
> please) that further ciphers should be excluded.
> Maybe they are already covered in !LOW but just in case:
>
> !DES:!3DES:!EXP:!SRP:!PSK
>
> Cheers,
> Robert