[CentOS] SSH Weak Ciphers
Alice Wonder
alice at domblogger.netWed Oct 19 20:40:10 UTC 2016
- Previous message: [CentOS] SSH Weak Ciphers
- Next message: [CentOS] SSH Weak Ciphers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 10/19/2016 11:34 AM, Leonard den Ottolander wrote: > Hello Gordon, > *snip* > > Personally I would be more concerned whether or not to enable ECDSA > algorithms (https://blog.cr.yp.to/20140323-ecdsa.html). > > Regards, > Leonard. > For web server ECDSA certs is currently a concern because the only curves with popular support across browsers have parameters that were chosen for undocumented reasons. That doesn't mean they are vulnerable but there is a question. OpenSSH uses Curve25519 for ECDSA which has documented reasons for the parameters chosen and thus are far less likely to be nefariously chosen. At least that's my understanding of the situation, which could be flawed.
- Previous message: [CentOS] SSH Weak Ciphers
- Next message: [CentOS] SSH Weak Ciphers
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list