by anologwintermut
4642 days ago
You can only support forward secure cipher suites. This will result in rejected connections as you suggested. Lavabit doesn't do this, they support non-forward secure ones. Worse, they don't offer a cipher-suite order preference and the cipher suites they offer are actually pretty shitty (no ECDH_ECDSA, 1024-bit DHE). The way they have it configured now means anyone using the default browser on Windows (IE) or OS X (Safari) doesn't end up negotiating a forward secure session. Chrome and Firefox do end up being forward secure. See SSL Labs' test result here[0]. They support:

TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA

[0] https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2...
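
Added example, not part of the comment above: a small model of TLS suite selection over the four suites listed in the comment, comparing the server as described (no order preference), the same list with server-side ordering that puts forward-secret suites first, and a forward-secret-only list. The client offers in `CLIENTS` and all function names are constructed for illustration; they are not the real suite lists of any browser.

```python
# The four suites the comment lists for the server.
SERVER_SUITES = [
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
]

def is_forward_secret(suite):
    """Ephemeral (EC)DH key exchange is forward secret; RSA key transport is not."""
    return suite.startswith(("TLS_DHE_", "TLS_ECDHE_"))

def negotiate(client_offer, server_suites, server_preference=False):
    """Return the selected suite, or None when there is no overlap (handshake fails).
    Without server preference the first client-offered suite the server supports wins;
    with it, the first server-listed suite the client offers wins."""
    if server_preference:
        ordered, other = server_suites, set(client_offer)
    else:
        ordered, other = client_offer, set(server_suites)
    return next((s for s in ordered if s in other), None)

def audit(client_offer, server_suites):
    """Map each server policy to (selected suite, forward secret?)."""
    fs_first = sorted(server_suites, key=lambda s: not is_forward_secret(s))
    fs_only = [s for s in server_suites if is_forward_secret(s)]
    policies = [
        ("as_configured", server_suites, False),
        ("server_order_fs_first", fs_first, True),
        ("fs_only", fs_only, False),
    ]
    results = {}
    for label, suites, pref in policies:
        chosen = negotiate(client_offer, suites, pref)
        results[label] = (chosen, chosen is not None and is_forward_secret(chosen))
    return results

# Constructed client offers (assumptions, not real browser suite lists).
CLIENTS = {
    "rsa_first": ["TLS_RSA_WITH_AES_256_CBC_SHA",
                  "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                  "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
    "dhe_first": ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"],
    "rsa_only": ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
}

if __name__ == "__main__":
    for name, offer in CLIENTS.items():
        print(name, audit(offer, SERVER_SUITES))
```

A client that supports DHE but lists an RSA suite first only gets a forward-secret session once the server enforces its own order; a client with no DHE suites is rejected under the forward-secret-only policy.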