From: Gustaf N. <ne...@wu...> - 2014-01-27 19:42:33
Dear friends,

In 2011, Google implemented "forward secrecy" via ephemeral keys and Diffie-Hellman key exchange in OpenSSL [1]. Since this feature of OpenSSL is easy to use, I added support for forward secrecy to nsssl. One can now use these improved security features by adding DH parameters [2] to the server.pem file (see example in README [3]) and by using the "right" ciphers (*E*DH*, see e.g. [4]). By using these features, a web site can improve its security ratings as measured e.g. by Qualys' SSL Labs.

all the best
-gustaf neumann

[1] http://googleonlinesecurity.blogspot.co.at/2011/11/protecting-data-for-long-term-with.html
[2] https://bitbucket.org/naviserver/nsssl/src
[3] http://en.wikibooks.org/wiki/OpenSSL/Diffie-Hellman_parameters
[4] https://wiki.mozilla.org/Security/Server_Side_TLS
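
Added example, not part of the original message and not nsssl code: a small offline check of the two settings the message names, the DH parameters block in server.pem and the cipher list. It assumes the cipher list holds explicit OpenSSL suite names for TLS 1.2 and earlier (not keywords such as HIGH), and that the server offers DHE suites only when DH parameters are loaded; all function names and sample inputs are constructed for illustration.

```python
import re

# A PEM block is delimited by -----BEGIN <LABEL>----- / -----END <LABEL>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def pem_labels(pem_text):
    """Return the labels of all complete PEM blocks, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(pem_text)]

def classify(cipher_list):
    """Split a colon-separated list of explicit suite names by key exchange."""
    out = {"ecdhe": [], "dhe": [], "static": []}
    for name in (n.strip() for n in cipher_list.split(":")):
        if not name or name[0] in "!-+@" or "+" in name:
            continue  # exclusions and keyword expressions are not suite names
        if name.startswith("ECDHE-"):
            out["ecdhe"].append(name)
        elif name.startswith(("DHE-", "EDH-")):  # EDH- is the older OpenSSL spelling
            out["dhe"].append(name)
        else:  # includes static ECDH-/DH- suites, which are not ephemeral
            out["static"].append(name)
    return out

def audit(pem_text, cipher_list):
    """Return findings that stand in the way of forward secrecy."""
    kinds = classify(cipher_list)
    findings = []
    # Assumption: DHE suites are only offered when DH parameters are loaded.
    if kinds["dhe"] and "DH PARAMETERS" not in pem_labels(pem_text):
        findings.append("DHE suites listed but no DH PARAMETERS block in PEM")
    if kinds["static"]:
        findings.append("no forward secrecy: " + ", ".join(kinds["static"]))
    if not kinds["ecdhe"] and not kinds["dhe"]:
        findings.append("no ephemeral (EC)DHE suite in cipher list")
    return findings

# Constructed sample inputs (placeholder bodies, not real key material).
PEM_NO_DH = ("-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
             "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n-----END RSA PRIVATE KEY-----\n")
PEM_WITH_DH = PEM_NO_DH + "-----BEGIN DH PARAMETERS-----\n(placeholder)\n-----END DH PARAMETERS-----\n"
CIPHERS = "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:ECDH-RSA-AES128-SHA:AES128-SHA:!aNULL"

if __name__ == "__main__":
    for label, pem in (("without DH", PEM_NO_DH), ("with DH", PEM_WITH_DH)):
        print(label, audit(pem, CIPHERS))
```

Note that a static suite such as ECDH-RSA-AES128-SHA also matches the glob *E*DH* while providing no forward secrecy, which is why the check classifies by key-exchange prefix rather than by that pattern.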