janholtz
Jan 31, 2017Altostratus
Optimal cipher string
So Just asking for some opinions here, this is my current optimal cipher string:
!SSLv3:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-CBC-SHA
I basically suggest lopping off ciphers from the right, until client apps stop working, and then add the last one back. Also I guess disable renogiation and enable strict transport security in the HTTP profile.
Does this seem reasonable? What else can be suggested?
//Jan