http/2 needs "weaker" ciphers?

p.heppler nginx-forum at nginx.us
Mon Oct 19 14:23:40 UTC 2015


The blacklist note says:
This list includes those cipher suites that do not offer an ephemeral key
exchange and those that are based on the TLS null, stream, or block cipher
type (as defined in Section 6.2.3 of [TLS12]).

But AES256+EECDH:AES256+EDH doesn't match this blacklist because those are
all ephemeral key exchange ciphers, aren't they?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,262084,262323#msg-262323



More information about the nginx mailing list