Commit Graph

8 Commits

Author SHA1 Message Date
10cbf75c27
group_vars/all: Disable TLS cipher suites using Triple DES
An attack on Triple DES was recently published[0]. It's not a very
high severity attack but the fact is that Triple DES is very old
and there are much better ciphers to use, like AES and ChaCha20.

I logged the ciphers that were negotiated on all of my vhosts over
a period of 72 hours and there were zero occurences of Triple DES,
so I am removing it, as suggested by the authors of the attack as
well as OpenSSL[1].

[0] https://sweet32.info
[1] https://www.openssl.org/blog/blog/2016/08/24/sweet32/
2016-08-27 18:25:37 +03:00
c3dc5dc0aa
group_vars/all: Update TLS cipher suite to latest Mozilla "Intermediate" recommendations
See: https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-08 12:45:58 +02:00
5c0a7c2c72 group_vars/all: Update TLS cipher suite
Use latest Mozilla intermediate suite:

https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-02 15:11:57 +03:00
54993d6d6b
Update tls cipher suite with latest string from Mozilla TLS guide
https://wiki.mozilla.org/Security/Server_Side_TLS states"

    Version 3.3: ulfr: fix SHA256 prio, add POODLE details, update various templates

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-25 12:36:19 +03:00
81a98596e3
Downgrade TLS configuration to Mozilla's "intermediate" spec
From looking at the list of clients who would be allowed to connect
when using the "modern" spec, I think I'd be doing more harm than
good to use that config right now...

https://www.ssllabs.com/ssltest/analyze.html?d=alaninkenya.org
https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-09 21:09:18 +03:00
ad8a704470
Update TLS configuration to Mozilla's "modern" spec
Details, see:

- https://jve.linuxwall.info/blog/index.php?post/2014/10/09/Automated-configuration-analysis-for-Mozilla-s-TLS-guidelines
- https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-09 20:56:08 +03:00
1e54507b05
group_vars/all: Remove host-specific configs
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-25 11:45:08 +03:00
60b8ecdd4c
Initial commit
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-17 00:35:57 +03:00