[erlang-questions] How safe is it to leave an open SSL port on the public internet?

Fred Hebert <>
Wed Aug 30 00:23:55 CEST 2017


On 08/29, Fred Hebert wrote:
>Aside from the cache issues Max has mentioned, there's a few 
>configuration values you might want by default:
>
>   [{ciphers, CipherList},      % see below
>    {honor_cipher_order, true}, % pick the server-defined order of ciphers
>    {secure_renegotiate, true}, % prevent renegotiation hijacks
>    {client_renegotiation, false}, % prevent clients DoSing w/ renegs
>    {versions, ['tlsv1.2', 'tlsv1.1']}, % add tlsv1 if you must
>    {reuse_sessions, false},    % drop session cache for perf
>    {ecc, EllipticCurves}       % see below
>   ].
>

Forgot to add {honor_ecc_order, true} to that list if you use the ecc 
option!


More information about the erlang-questions mailing list