Re: Review:Patch: SSL: prefer server cipher order

On 11/16/2013 12:37 PM, Marko Kreen wrote:
> Thanks for testing!
>
> On Sat, Nov 16, 2013 at 12:17:40PM -0800, Adrian Klaver wrote:
>> On 11/16/2013 06:24 AM, Marko Kreen wrote:
>>> ssl-better-default:
>>>    SSL should stay working, openssl ciphers -v 'value' should not contain
>>>    any weak suites (RC4, SEED, DES-CBC, EXP, NULL) and no non-authenticated
>>>    suites (ADH/AECDH).
>>
>> Not sure about the above, if it is a GUC I can't find it. If it is
>> something else than I will have to plead ignorance.
>
> The patch just changes the default value for 'ssl_ciphers' GUC.

I am still not sure what patch you are talking about. The two patches I 
saw where for server_prefer and ECDH key exchange.

>
> The question is if the value works at all, and is good.
>

What value would we be talking about?

Note: I have been working through a head cold and thought processes are 
sluggish, handle accordingly:)


-- 
Adrian Klaver
adrian.klaver@gmail.com