Enhancement #301

closed

Allow cipher spec setting

Added by Christopher Head over 12 years ago. Updated about 8 years ago.

Status: Resolved
Priority: Normal
Target version:
Start date: 2012-08-11
Due date:
% Done: 100%
Estimated time:
Patch Available: Yes
Found in Versions:
Confirmed: Yes
Branch:
Security: Yes
Help Needed: No

Description

I want to use an RSA certificate because RSA is more widely supported. However, I want to refuse to use straight-RSA key exchange cipherspecs; I want to only ever use RSA+DHE key exchanges because they add perfect forward secrecy. I can't do that because bip doesn't allow me to enter a cipherspec string restricting what types of cipherspecs to use. Basically I want Apache/mod_ssl's <http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite> in bip. This would also allow the administrator to disable other miscellaneous cipherspecs if they prove to be insecure without having to wait for new versions of software to come out.
