Hacker News new | past | comments | ask | show | jobs | submit login

Some advice from the authors on how to properly deploy Diffie-Hellman:

https://weakdh.org/sysadmin.html




There's also https://cipherli.st/ which, imho, is better. What's really awful is the sets are similar yet almost disjoint, only agreeing on 4 cipher combos:

   DHE-RSA-AES128-GCM-SHA256
   DHE-RSA-AES128-SHA
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-SHA
Personally I use the shorter "strong" config off cipherli.st


Our cipher recommendations on the Weak DH site come directly from Mozilla. See https://wiki.mozilla.org/Security/Server_Side_TLS#Recommende...


When I checked, I got 16 in common.

weakdh.org recommended 43, and cipherlist.st 16. cipherlist.st was a subset of the weakdh.org list.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: