Can you please expand on this? Does using TLS (vs SSL2v3) automatically ensure y... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

nonane on June 12, 2013 | parent | context | favorite | on: CloudFlare, PRISM, and Securing SSL Ciphers

Can you please expand on this? Does using TLS (vs SSL2v3) automatically ensure you're using ephermal diffie hellman?

tptacek on June 12, 2013 | [–]

No, it's a ciphersuite; the server and client have to agree to use it.

newman314 on June 12, 2013 | | [–]

No.

You can't control the client but you can have the server offer up a preferred list of ciphers.

On nginx, this would be ssl_prefer_server_ciphers = on; for example

staunch on June 12, 2013 | [–]

These may be useful

https://www.ssllabs.com/ssltest/

https://www.ssllabs.com/projects/best-practices/

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact