Hello,
On Wed, Mar 21, 2012 at 11:50, Michal Trojnara <Michal.Trojnara@mirt.net> wrote:
> Benchmarking worst case scenarios may look like a good idea, but it is not a reasonable approach to bottleneck identification.
Very true.
At the moment, I'm just preparing a test setup, making sure I have a configuration following best practices as a reference point for the comparison.
>> Is it possible to disable EDH? If so, how? I couldn't find any info on that.
> The answer is in the article you quoted. Stunnel option is "ciphers":
Thanks - however, from the manpage it seems to be a positive list only, using a different format, while the article uses ! for exclusions.
If PFS is to be sacrificed, would the following line (based on the article) be OK? If not, what would be the stunnel equivalent?
ciphers=ALL:!kEDH:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:RC4 RSA: HIGH;
And if PFS is to be kept:
ciphers=ALL:ECDHE:!kEDH:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:RC4 RSA: HIGH;
Guylhem
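
Added example, not part of the original message: stunnel's "ciphers" value is an OpenSSL cipher list, so one way to see what a string with ! exclusions really selects is to expand it with the local OpenSSL and group the result by key exchange. The two cipher strings below are constructed for illustration (they are not the ones from the thread), and the output depends on the installed OpenSSL build.

```python
import ssl
from collections import Counter

# Constructed cipher strings (assumptions for this example, not from the thread).
NO_EDH = "HIGH:!aNULL:!eNULL:!kEDH"            # drop finite-field ephemeral DH only
NO_PFS = "HIGH:!aNULL:!eNULL:!kEDH:!kEECDH"    # drop ECDHE as well: no forward secrecy


def expand(cipher_string):
    """Return the TLS 1.2-and-earlier suites the local OpenSSL selects.

    TLS 1.3 suites are filtered out because OpenSSL configures them
    separately and a cipher list does not affect them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def key_exchanges(cipher_string):
    """Count selected suites per key-exchange type, e.g. kx-rsa, kx-dhe, kx-ecdhe."""
    return Counter(c["kea"] for c in expand(cipher_string))


def offers_anonymous(cipher_string):
    """True if any selected suite has no server authentication (aNULL)."""
    return any(c["auth"] == "auth-null" for c in expand(cipher_string))


if __name__ == "__main__":
    for label, cipher_string in (("no EDH", NO_EDH), ("no PFS", NO_PFS)):
        print(label, cipher_string)
        for kea, count in sorted(key_exchanges(cipher_string).items()):
            print(f"  {kea:<16} {count} suites")
        print("  anonymous suites offered:", offers_anonymous(cipher_string))
```
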