Changes between Version 4 and Version 5 of Ticket #676, comment 8


Timestamp:
07/26/22 00:51:14 (21 months ago)
Author:
Thomas Spear

  • Ticket #676, comment 8

    v4 v5  
    1616}}}
    1717
    18 Normally with TLSv1.3 I read that it's best to set ssl_prefer_server_ciphers to off, because all ciphers are considered secure, and so that devices not supporting AES can choose the Chacha20 cipher instead of being forced to use
    19 AES even without hardware acceleration available to handle it, but here since you are allowing TLSv1.2, you need to prefer server ciphers for security reasons.
     18Normally with TLSv1.3 I read that it's best to set ssl_prefer_server_ciphers to off, because all ciphers are considered secure, and so that devices not supporting AES hardware acceleration can choose the Chacha20 cipher instead of being forced to use
     19AES even without the acceleration, but here since you are allowing TLSv1.2, you need to prefer server ciphers for security reasons.
    2020
    2121Therefore, this config may not pass SSL Labs more modern test checks because of preferring server ciphers and allowing TLSv1.2.