Unbound 1.9.0rc1 pre-release
nusenu
nusenu-lists at riseup.net
Tue Jan 29 23:13:00 UTC 2019
>> Unbound 1.9.0rc1 pre-release is available
>
> Hello,
>
> some points I noticed while diffing against 1.8.3:
> * doc/example.conf.in
> tls-chiphers and tls-ciphersuites suggest ciphersuites in an uncommon order
> tls-chiphers prefer DHE over ECDHE while DHE is slower
> tls-ciphersuites prefer CCM over GCM and Chacha
>
> -> without deeper knowledge I feel, this list is not a good suggestion.
thanks for bringing this up,
I just wanted to add this list of recommended ciphers from RFC7525 [1]
(even though this RFC is from before TLS 1.3 was published)
o TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
o TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
o TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
o TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[1] https://tools.ietf.org/html/rfc7525#section-4.2
--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190129/cd102b0e/attachment.bin>
More information about the Unbound-users
mailing list