Open charlesmanser opened 5 years ago
To address one point only, that username changed a while ago; the corrected URL would, assuming it’s broken for just the rename and no other reason, be:
https://github.com/april/tls-table/blob/master/tls-table.py
On Thu, May 16, 2019 at 17:07 charlesmanser notifications@github.com wrote:
https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_suites states that the table is automatically generated via https://github.com/marumari/tls-table/blob/master/tls-table.py. That returns a 404, not found error.
The table may be stale now. It seems to recommend TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as intermediate; however, sections like "Intermediate compatibility (default)" and https://statics.tls.security.mozilla.org/server-side-tls-conf.json do not recommend CBC-based ciphers.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mozilla/server-side-tls/issues/247?email_source=notifications&email_token=AAAWUDAT4HY22VSWIAEL5DDPVXZMVA5CNFSM4HNRBQL2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4GUJLGTA, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAWUDFK673LSU77DUWHTYLPVXZMVANCNFSM4HNRBQLQ .
It was always generated manually, and it uses the cipher suites on the wiki page, not the JSON (which I'm not sure existed at the time). It has been updated, but I'm keeping this open until everything is synced.
For example, when I check out https://wiki.mozilla.org/Security/Cipher_Suites, I see green highlighted TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384; however, https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility does not list any CBC/-cbc- ciphers.
Should be updated now with v5.7 — although manually as seen in #296
Issues with generating by tls-table
tracked:
https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_suites states that the table is automatically generated via https://github.com/marumari/tls-table/blob/master/tls-table.py. That returns a 404, not found error.
The table may be stale now. It seems to recommend TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as intermediate; however, sections like "Intermediate compatibility (default)" and https://statics.tls.security.mozilla.org/server-side-tls-conf.json do not recommend CBC-based ciphers.