Implementing NTS options
Richard Laager
rlaager at wiktel.com
Sun Feb 3 00:09:22 UTC 2019
On 2/2/19 3:08 AM, Achim Gratz via devel wrote:
> Changing the OpenSSL ciphersuites is typically done on system-level,
> application-level is not unheard of, but I haven't personally seen a
> per-server configuration.
I strongly disagree. This is absolutely, 100% commonly done at the
application level. I have spent many, many hours doing this on systems
I've built myself and on canned appliance-type things like cPanel.
Apache is the most common example; there are hundreds of pages
explaining this, for reasons over time like:
- Addressing the BEAST attack
- Addressing flaws in particular algorithms
- PCI DSS compliance
--
Richard
More information about the devel
mailing list