ansible-personal

History

Alan Orth 10cbf75c27 group_vars/all: Disable TLS cipher suites using Triple DES An attack on Triple DES was recently published[0]. It's not a very high severity attack but the fact is that Triple DES is very old and there are much better ciphers to use, like AES and ChaCha20. I logged the ciphers that were negotiated on all of my vhosts over a period of 72 hours and there were zero occurences of Triple DES, so I am removing it, as suggested by the authors of the attack as well as OpenSSL[1]. [0] https://sweet32.info [1] https://www.openssl.org/blog/blog/2016/08/24/sweet32/	2016-08-27 18:25:37 +03:00
..
all	group_vars/all: Disable TLS cipher suites using Triple DES	2016-08-27 18:25:37 +03:00

group_vars/all: Disable TLS cipher suites using Triple DES

An attack on Triple DES was recently published[0]. It's not a very
high severity attack but the fact is that Triple DES is very old
and there are much better ciphers to use, like AES and ChaCha20.

I logged the ciphers that were negotiated on all of my vhosts over
a period of 72 hours and there were zero occurences of Triple DES,
so I am removing it, as suggested by the authors of the attack as
well as OpenSSL[1].

[0] https://sweet32.info
[1] https://www.openssl.org/blog/blog/2016/08/24/sweet32/

2016-08-27 18:25:37 +03:00

all

group_vars/all: Disable TLS cipher suites using Triple DES

2016-08-27 18:25:37 +03:00