[erlang-questions] How safe is it to leave an open SSL port on the public internet?
code wiget
codewiget95@REDACTED
Wed Aug 30 16:28:04 CEST 2017
Fred,
This is exactly what I needed, thank you. This will serve as a great reference manual.
> On Aug 29, 2017, at 6:23 PM, Fred Hebert <mononcqc@REDACTED> wrote:
>
> On 08/29, Fred Hebert wrote:
>> Aside from the cache issues Max has mentioned, there are a few configuration values you might want by default:
>>
>> [{ciphers, CipherList}, % see below
>> {honor_cipher_order, true}, % pick the server-defined order of ciphers
>> {secure_renegotiate, true}, % prevent renegotiation hijacks
>> {client_renegotiation, false}, % prevent clients DoSing w/ renegs
>> {versions, ['tlsv1.2', 'tlsv1.1']}, % add tlsv1 if you must
>> {reuse_sessions, false}, % drop session cache for perf
>> {ecc, EllipticCurves} % see below
>> ].
>>
>
> Forgot to add {honor_ecc_order, true} to that list if you use the ecc option!
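
Added example, not part of the original thread or of OTP: a small checker that compares an ssl option list against the values given in the quoted message, including the follow-up about honor_ecc_order. The module name, finding tuples and placeholder cipher/curve values are assumptions made for illustration.

```erlang
-module(tls_opts_audit).
-export([audit/1, demo/0]).

%% Boolean settings and the values given in the quoted message.
expected() ->
    [{honor_cipher_order, true},
     {secure_renegotiate, true},
     {client_renegotiation, false},
     {reuse_sessions, false}].

%% Returns a list of findings; [] means the list matches the message.
audit(Opts) ->
    Flags = [{K, {expected, V}, {got, proplists:get_value(K, Opts)}}
             || {K, V} <- expected(),
                proplists:get_value(K, Opts) =/= V],
    Flags ++ versions(Opts) ++ curves(Opts) ++ ciphers(Opts).

%% tlsv1 is the "if you must" case in the message; sslv3 is older still.
versions(Opts) ->
    case proplists:get_value(versions, Opts) of
        undefined -> [{versions, not_set}];
        Vs -> [{versions, {legacy, V}} || V <- Vs, lists:member(V, [tlsv1, sslv3])]
    end.

%% The follow-up correction: a curve list needs honor_ecc_order too.
%% The message writes the key as ecc; OTP's ssl docs name it eccs.
curves(Opts) ->
    HasCurves = proplists:is_defined(ecc, Opts) orelse proplists:is_defined(eccs, Opts),
    case HasCurves andalso proplists:get_value(honor_ecc_order, Opts) =/= true of
        true -> [{honor_ecc_order, missing_with_curve_list}];
        false -> []
    end.

%% A missing cipher list means the defaults are in use, which the message overrides.
ciphers(Opts) ->
    case proplists:get_value(ciphers, Opts) of
        undefined -> [{ciphers, not_set}];
        _ -> []
    end.

%% Constructed sample: the list as first posted, with placeholder values.
demo() ->
    audit([{ciphers, ["PLACEHOLDER-CIPHER"]},
           {honor_cipher_order, true},
           {secure_renegotiate, true},
           {client_renegotiation, false},
           {versions, ['tlsv1.2', 'tlsv1.1', tlsv1]},
           {reuse_sessions, false},
           {ecc, [placeholder_curve]}]).
```

Running `tls_opts_audit:demo()` on the constructed list reports the legacy `tlsv1` entry and the missing `honor_ecc_order`.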