[erlang-questions] How safe is it to leave an open SSL port on the public internet?

code wiget <>
Wed Aug 30 16:28:04 CEST 2017


Fred,

This is exactly what I needed, thank you. This will serve as a great reference manual.


> On Aug 29, 2017, at 6:23 PM, Fred Hebert <> wrote:
> 
> On 08/29, Fred Hebert wrote:
>> Aside from the cache issues Max has mentioned, there's a few configuration values you might want by default:
>> 
>>  [{ciphers, CipherList},      % see below
>>   {honor_cipher_order, true}, % pick the server-defined order of ciphers
>>   {secure_renegotiate, true}, % prevent renegotiation hijacks
>>   {client_renegotiation, false}, % prevent clients DoSing w/ renegs
>>   {versions, ['tlsv1.2', 'tlsv1.1']}, % add tlsv1 if you must
>>   {reuse_sessions, false},    % drop session cache for perf
>>   {ecc, EllipticCurves}       % see below
>>  ].
>> 
> 
> Forgot to add {honor_ecc_order, true} to that list if you use the ecc option!



More information about the erlang-questions mailing list