[jdev] Securing XMPP

Dave Cridland dave at cridland.net
Fri Sep 6 20:24:39 UTC 2013


On Fri, Sep 6, 2013 at 7:16 PM, Thijs Alkemade <thijs at xnyhps.nl> wrote:

> However, a large number of clients do not prioritize (EC)DHE above the
> non-ephemeral variants. To enforce that these are used, it is therefore
> required to either disable all non-ephemeral suites or configure the
> server to override the client's order with the server's order.
>

I may be talking rubbish, but shouldn't the server be overriding the
client's order by default anyway?

In other news, there's a lengthy discussion on use of ADH and
unauthenticated TLS in general - we've previously considered this largely
worthless, but using it forces an outside agency trying to "dragnet" to
MITM every connection, which raises significant overhead.

Dave.
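The two options Thijs describes (drop every non-ephemeral suite, or let the server's ordering override the client's) can be checked directly on a TLS server configuration. The script below is an added example for this thread, not code from any XMPP server project or from either poster; it uses Python's standard `ssl` module, and the two cipher strings are illustrative assumptions rather than settings from a shipped configuration. It builds a server context, reports which enabled suites lack (EC)DHE key exchange, and decides whether the context actually forces forward secrecy the way the message describes.

```python
import ssl

# Key-exchange labels as reported by SSLContext.get_ciphers() on OpenSSL 1.1+.
EPHEMERAL_KEA = {"kx-ecdhe", "kx-dhe"}

# Assumed cipher strings for this example (not taken from any server's config):
# one that only permits ephemeral key exchange, and one that mixes an ECDHE
# suite with a static-RSA suite so that client ordering decides the outcome.
FORWARD_SECRET_ONLY = "ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL:!MD5"
MIXED_WITH_RSA_KEX = "ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256"


def build_server_context(cipher_string, server_preference=True):
    """Build a server-side TLS context with the given cipher list.

    server_preference=True sets OP_CIPHER_SERVER_PREFERENCE so the server's
    ordering wins the negotiation; False clears it so the client's order wins.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    if server_preference:
        ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    else:
        ctx.options = ctx.options & ~int(ssl.OP_CIPHER_SERVER_PREFERENCE)
    return ctx


def audit_context(ctx):
    """List the enabled suites without ephemeral key exchange and report
    whether server ordering is enforced.

    TLS 1.3 suites are skipped: the protocol only permits (EC)DHE, and
    get_ciphers() reports their key exchange as 'kx-any'.
    """
    non_ephemeral = []
    for suite in ctx.get_ciphers():
        if suite.get("protocol") == "TLSv1.3":
            continue
        if suite.get("kea") not in EPHEMERAL_KEA:
            non_ephemeral.append(suite["name"])
    return {
        "non_ephemeral": non_ephemeral,
        "server_preference": bool(ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE),
    }


def enforces_forward_secrecy(ctx):
    """Decide whether the context forces (EC)DHE as the thread describes:
    either no non-ephemeral suite is enabled at all, or the server overrides
    the client's ordering and ranks every ephemeral suite above every
    non-ephemeral one, so any client offering an ephemeral suite gets one.
    Returns (ok, reason)."""
    report = audit_context(ctx)
    if not report["non_ephemeral"]:
        return True, "only ephemeral suites enabled"
    if not report["server_preference"]:
        return False, "client ordering wins and non-ephemeral suites are enabled"
    # get_ciphers() returns suites in the server's configured preference order.
    order = [s["name"] for s in ctx.get_ciphers() if s.get("protocol") != "TLSv1.3"]
    static = set(report["non_ephemeral"])
    first_static = min(i for i, n in enumerate(order) if n in static)
    last_ephemeral = max((i for i, n in enumerate(order) if n not in static), default=-1)
    if last_ephemeral < first_static:
        return True, "server ordering ranks ephemeral suites first"
    return False, "a non-ephemeral suite outranks an ephemeral one"


if __name__ == "__main__":
    for label, ciphers, pref in (
        ("ephemeral-only", FORWARD_SECRET_ONLY, True),
        ("mixed, client order", MIXED_WITH_RSA_KEX, False),
        ("mixed, server order", MIXED_WITH_RSA_KEX, True),
    ):
        ctx = build_server_context(ciphers, server_preference=pref)
        print(label, audit_context(ctx), enforces_forward_secrecy(ctx))
```

The third case is the one Dave's question is about: the same mixed cipher list passes once the server's ordering is enforced, because the ECDHE suite is ranked first. It still only helps clients that offer at least one ephemeral suite; a client that offers none will get static RSA, which is why the audit also reports the non-ephemeral suites that remain enabled.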