Fedora/Redhat and perfect forward secrecy
Reindl Harald
h.reindl at thelounge.net
Mon Aug 26 09:17:52 UTC 2013
Am 26.08.2013 11:07, schrieb Florian Weimer:
> On 08/24/2013 11:38 AM, Reindl Harald wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=319901
>>
>> looks like Redhat based systems are the only remaining
>> which does not support EECDHE which is a shame these
>> days in context of PRISM and more and more Ciphers
>> are going to be unuseable (BEAST/CRIME weakness)
>
> Current Fedora supports perfect forward secrecy just fine
it does *not*
yes it does in theory
> It's just that web server operators routinely refuse to offer it.
cause and effect
because Fedora does *not* support Ciphers without large performance impacts
in reality without ECDHE you have no way
go to https://www.ssllabs.com/ssltest/ and look at the client-handshakes
practically no client is using PFS without ECDHE
that's the truth if it comes to PFS and Redhat/Fedora
http://www.internetstaff.com/roller/blog/entry/enable_elliptical_curve_diffie_hellman
http://www.theverge.com/2013/6/26/4468050/facebook-follows-google-with-tough-encryption-standard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130826/6ccefc3a/attachment.sig>
More information about the devel
mailing list