[ntp:security] SSL problems with support.ntp.org

Kurt Seifried kseifried at redhat.com
Wed Oct 29 21:50:08 UTC 2014


No prob. Assuming you're using Apache or HAProxy or something else
Linux/UNIXy, I'm happy to help out with best config recommendations etc.
In general you want:

protocols: TLS 1.0/1.1/1.2
ciphers:
EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;

This provides backwards compat for older clients (like IE6 on XP); if
you are willing to dump that, then get rid of the
"EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4".

On 29/10/14 02:53 PM, Harlan Stenn wrote:
> Kurt,
> 
> I see them now (and I also see some things that need to be fixed),
> thanks!
> 
> H
> 

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
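
An added example (not part of the original message, and not code from the NTP project): a Python sketch that strips the legacy tokens named in the message from the cipher string and asks the local OpenSSL build, through the standard `ssl` module, which suites each variant actually enables. The function names are hypothetical, and the expansion depends on the OpenSSL build in use, which may have RC4 or 3DES compiled out or disabled.

```python
import ssl

# Cipher string and legacy tokens exactly as given in the message above.
RECOMMENDED = ("EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:"
               "EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;")
LEGACY = "EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4"


def split_cipher_string(cipher_string):
    """Split an OpenSSL cipher string into tokens, dropping a trailing ';'."""
    return [t for t in cipher_string.strip().rstrip(";").split(":") if t]


def drop_legacy(cipher_string, legacy=LEGACY):
    """Return the cipher string with the backwards-compat tokens removed."""
    legacy_tokens = set(split_cipher_string(legacy))
    kept = [t for t in split_cipher_string(cipher_string)
            if t not in legacy_tokens]
    return ":".join(kept)


def expand(cipher_string):
    """Suite names the local OpenSSL build enables for this cipher string.

    On OpenSSL 1.1.1 and later the TLS 1.3 suites are listed as well,
    because they are configured separately from this string.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(":".join(split_cipher_string(cipher_string)))
    return [c["name"] for c in ctx.get_ciphers()]


def legacy_suites(names):
    """Pick out RC4 and 3DES suites by their OpenSSL names."""
    return [n for n in names if "RC4" in n or "DES-CBC3" in n]


if __name__ == "__main__":
    for label, value in (("with legacy", RECOMMENDED),
                         ("without legacy", drop_legacy(RECOMMENDED))):
        names = expand(value)
        print(f"{label}: {len(names)} suites enabled, "
              f"legacy among them: {legacy_suites(names) or 'none'}")
```
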
