Re: [Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox

13 Sep 2013

      ----- Forwarded message from Keith  -----

Date: Fri, 13 Sep 2013 13:41:22 +0100
From: Keith 
To: Eugen Leitl 
Cc: freedombox-discuss@lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox
X-Mailer: Evolution 3.4.4-3

PFS with snakeoil works.
Trying it out here https://snakeoil.cf

Using Apache 2.4 on a server running Jessie, it looks reasonable using
just the default ciphers of SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5.
Open to tweaking SSLCipherSuite.

Now trying pfs for Postfix, will this email actually use it?

On Fri, 2013-09-13 at 08:01 +0200, Eugen Leitl wrote:
...
On Thu, Sep 12, 2013 at 04:44:31PM +0100, Keith wrote:
...
With a CA on each freedombox there need not be a requirement for a
server.
If my understanding of Tor is right, it is designed for anonymity, not
encryption, should not need a CA for this.
Can you get PFS with snakeoil (I presume these are generated during
the installation, is there at all enough entropy at that time so
this is safe?) certs?
Postfix and dovecot in newer versions can do PFS:
http://www.heinlein-support.de/blog/security/perfect-forward-secrecy-pfs-fur...
_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5