Alexander Bluhm <alexander.bl...@gmx.net> writes:

> On Sun, Jan 29, 2017 at 07:51:38AM -0700, Kyle Amon wrote:
>> Ahem. I still think it would be great if this could get applied
>> before yet another release goes by. ;)
>
> I have tested it. The server cypher list changes from
> * SSLv23 TLSv1_2 DHE-RSA-AES256-GCM-SHA384
> * TLSv1_2 TLSv1_2 DHE-RSA-AES256-GCM-SHA384
> * TLSv1_1 TLSv1_1 DHE-RSA-AES256-SHA
> * TLSv1 TLSv1 DHE-RSA-AES256-SHA
> to
> * SSLv23 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384
> * TLSv1_2 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384
> * TLSv1_1 TLSv1_1 ECDHE-RSA-AES256-SHA
> * TLSv1 TLSv1 ECDHE-RSA-AES256-SHA
>
> We also need a revision bump.
>
> ok?

I just want to stress that "FFR" means "For Future Releases". Generally I don't think we should enable experimental features just because we can, and I can't see why EC would be different here.

No objection though, my use case doesn't involve TLS.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE