From: Eugen Leitl
To: cypherpunks@lists.cpunks.org
Subject: Re: [Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox
Date: Fri, 13 Sep 2013 14:53:53 +0200
Message-ID: <20130913125353.GL10405@leitl.org>

----- Forwarded message from Keith -----

Date: Fri, 13 Sep 2013 13:41:22 +0100
From: Keith
To: Eugen Leitl
Cc: freedombox-discuss(a)lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox
X-Mailer: Evolution 3.4.4-3

PFS with snakeoil works. Trying it out here https://snakeoil.cf

Using Apache 2.4 on a server running Jessie, it looks reasonable using
just the default ciphers of SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5.
Open to tweaking SSLCipherSuite.

Now trying pfs for Postfix, will this email actually use it?

On Fri, 2013-09-13 at 08:01 +0200, Eugen Leitl wrote:
> On Thu, Sep 12, 2013 at 04:44:31PM +0100, Keith wrote:
> > With a CA on each freedombox there need not be a requirement for a
> > server.
> >
> > If my understanding of Tor is right, it is designed for anonymity, not
> > encryption, should not need a CA for this.
>
> Can you get PFS with snakeoil (I presume these are generated during
> the installation, is there at all enough entropy at that time so
> this is safe?) certs?
>
> Postfix and dovecot in newer versions can do PFS:
> http://www.heinlein-support.de/blog/security/perfect-forward-secrecy-pfs-fur-postfix-und-dovecot/
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss(a)lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
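
Whether a given mail was delivered with forward secrecy can be read from what the receiving Postfix records: the "TLSv1.x with cipher NAME" fragment appears in its log and, with smtpd_tls_received_header = yes, in the Received header. The following is an added example, not part of the thread; it classifies the negotiated OpenSSL cipher name by key exchange, and the sample lines, host names and addresses are constructed.

```python
import re

# Fragment Postfix writes to its log and to the Received header, e.g.
# "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)".
TLS_RE = re.compile(
    r"(?P<proto>TLSv1(?:\.\d)?|SSLv\d)\s+with\s+cipher\s+(?P<cipher>[A-Za-z0-9_-]+)"
)

# OpenSSL cipher-name prefixes. EDH- is the older spelling of DHE-.
EPHEMERAL = ("ECDHE-", "DHE-", "EDH-")
ANONYMOUS = ("ADH-", "AECDH-")  # ephemeral keys, but no server authentication


def classify(cipher, proto=""):
    """Classify an OpenSSL cipher name by its key exchange."""
    if proto == "TLSv1.3" or cipher.startswith("TLS_"):
        return "forward-secret"  # TLS 1.3 suites always use ephemeral (EC)DH
    if cipher.startswith(EPHEMERAL):
        return "forward-secret"
    if cipher.startswith(ANONYMOUS):
        return "anonymous-ephemeral"
    # Everything else (e.g. AES256-SHA, RC4-SHA, ECDH-RSA-...) uses a
    # static key exchange tied to the server's long-term key.
    return "no-forward-secrecy"


def audit(lines):
    """Return (protocol, cipher, verdict) for each log or header line."""
    results = []
    for line in lines:
        m = TLS_RE.search(line)
        if m is None:
            # No TLS fragment recorded on this line.
            results.append((None, None, "no-tls-info"))
            continue
        proto, cipher = m.group("proto"), m.group("cipher")
        results.append((proto, cipher, classify(cipher, proto)))
    return results


# Constructed sample input (not taken from the thread).
SAMPLE = [
    "Sep 13 12:41:25 mx postfix/smtpd[2101]: Anonymous TLS connection established "
    "from mail.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))",
    "\t(using TLSv1 with cipher AES256-SHA (256/256 bits))",
    "Sep 13 12:44:02 mx postfix/smtpd[2107]: Anonymous TLS connection established "
    "from mail.example.net[192.0.2.20]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)",
    "Received: from mail.example.com (mail.example.com [192.0.2.30]) by mx.example.org (Postfix)",
]

if __name__ == "__main__":
    for proto, cipher, verdict in audit(SAMPLE):
        print(f"{proto or '-':8} {cipher or '-':32} {verdict}")
```

A "no-tls-info" result only means the line carries no TLS fragment; it does not by itself show the hop was unencrypted.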