Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] Disable Anonymous ECDH ciphersuites by default

Rob Stradling
June 14, 2011 08:20AM
On Tuesday 14 Jun 2011 13:04:18 António P. P. Almeida wrote:
> On 14 Jun 2011 09h58 WEST, rob.stradling@comodo.com wrote:
<snip>
> > -#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5"
> > +#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
<snip>
> Shouldn't there be some sort of check for the OpenSSH version?
>
> #if OPENSSL_VERSION_NUMBER >= 0x100000000
> (after 1.x code)
> #else
> (before 1.x code)
> #endif
>
> If I understood correctly this is something that appeared in 1.x. not
> existing in 0.9.x.
>
> Is it so?

Yes, the behaviour changed between OpenSSL 0.9.x and 1.x: the ECC ciphersuites
are now included in the ALL, DEFAULT, HIGH, etc, cipher strings. However,
there is no need for any check on the OpenSSL version number. Changing !ADH
to !aNULL is also appropriate for 0.9.x.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] Disable Anonymous ECDH ciphersuites by default

Rob Stradling 6265 June 14, 2011 05:02AM

Re: [PATCH] Disable Anonymous ECDH ciphersuites by default

António P. P. Almeida 1463 June 14, 2011 08:06AM

Re: [PATCH] Disable Anonymous ECDH ciphersuites by default

Rob Stradling 1412 June 14, 2011 08:20AM

Re: [PATCH] Disable Anonymous ECDH ciphersuites by default

Maxim Dounin 1459 June 14, 2011 04:48PM

Re: [PATCH] Disable Anonymous ECDH ciphersuites by default Attachments

António P. P. Almeida 1984 June 17, 2011 02:46PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 183
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready