subject:"Proposal for TLS config sanity check"

Re: Proposal for TLS config sanity check

2019-05-23 Thread Coty Sutherland

On Tue, May 21, 2019 at 5:43 PM Mark Thomas wrote: > On 21/05/2019 21:46, Christopher Schultz wrote: > > All, > > > > Looking at the legacy-versus-modern TLS configuration (Connector vs > > SSLHostConfig), it seems easy for an admin to create a configuration > > that looks like this (paraphrasing

Re: Proposal for TLS config sanity check

2019-05-21 Thread Mark Thomas

On 21/05/2019 21:46, Christopher Schultz wrote: > All, > > Looking at the legacy-versus-modern TLS configuration (Connector vs > SSLHostConfig), it seems easy for an admin to create a configuration > that looks like this (paraphrasing): > > > hostname="mysite.com" >SSLCertifica

Proposal for TLS config sanity check

2019-05-21 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, Looking at the legacy-versus-modern TLS configuration (Connector vs SSLHostConfig), it seems easy for an admin to create a configuration that looks like this (paraphrasing): Where the expectation is that only TLSv1.2 will be enabled for