Forum
Forward Secrecy on the horizon
marco
28 July 2013, 03:57
Take a look at the new google policy of forward secrecy.
http://googleonlinesecurity.blogspot.com/2011/11/protecting-data-for-long-term-with.html
Maybe a good discussion for the folks at PolarSSL and Hiawatha.
http://en.wikipedia.org/wiki/Perfect_forward_secrecy
I do not think there is a rush for this, but something to consider for 2014
marco
http://googleonlinesecurity.blogspot.com/2011/11/protecting-data-for-long-term-with.html
Maybe a good discussion for the folks at PolarSSL and Hiawatha.
http://en.wikipedia.org/wiki/Perfect_forward_secrecy
I do not think there is a rush for this, but something to consider for 2014
marco
Hugo Leisink
28 July 2013, 08:00
PolarSSL already supports PFS.
marco
28 July 2013, 15:42
how do we configure hiawatha to take advantage of this?
Or more to the point, what do I have to do with my SSL certificates and hiawatha.conf to enable it and utilize it?
Or more to the point, what do I have to do with my SSL certificates and hiawatha.conf to enable it and utilize it?
Hugo Leisink
28 July 2013, 20:35
Nothing. Hiawatha already prefers the strong ciphers. Whether they are used or not depends on what the client supports. Which cipher will be used is determined during the SSL handshake.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
