Closed ffloimair closed 1 year ago
Some info on the Mozilla profiles implemented as part of this PR: https://wiki.mozilla.org/Security/Server_Side_TLS
@adubovikov feedback much appreciated
@ffloimair Looks good for me. Thank you so much. About Mozilla's profiles: do they need to be enabled by default?
Thanks. They don't need to necessarily be enabled but I think it does make sense to make sure appropriate cipher suites are used. Some cipher suites that are "allowed" for TLS 1.2 are actually rather weak, so unless they are required they shouldn't be used. Using the profile makes sure to be on the safe side.
Ok, Thank you! Merged!
By default the echo server used in homer-app serves TLS 1.0. Since both TLS 1.0 and TLS 1.1 are considered deprecated (see: https://datatracker.ietf.org/doc/rfc8996/) the minimum TLS version should therefore be configurable and set to TLS 1.2 as the default value.
Also support Mozilla profiles (restricts cipher suites based on TLS version)
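An added example, not taken from the homer-app code base: one way to derive a `crypto/tls` configuration from a minimum-version setting and a Mozilla profile name, together with a check that flags deprecated protocol versions and suites that Go itself lists as insecure. `BuildTLSConfig`, `Audit`, the setting strings and the variable names are assumptions; only the "intermediate" profile is covered, limited to the suites Go implements.

```go
package main

import (
	"crypto/tls"
	"fmt"
)
// Mozilla "intermediate" TLS 1.2 suites that crypto/tls implements (Go has no DHE suites).
var intermediateSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
}
var versions = map[string]uint16{"": tls.VersionTLS12, "1.0": tls.VersionTLS10, // "" = default
	"1.1": tls.VersionTLS11, "1.2": tls.VersionTLS12, "1.3": tls.VersionTLS13}
// BuildTLSConfig (hypothetical helper): the profile pins suites and raises the floor to TLS 1.2.
func BuildTLSConfig(minVersion, profile string) (*tls.Config, error) {
	v, ok := versions[minVersion]
	if !ok || (profile != "" && profile != "intermediate") {
		return nil, fmt.Errorf("unsupported TLS setting %q/%q", minVersion, profile)
	}
	cfg := &tls.Config{MinVersion: v}
	if profile == "intermediate" {
		cfg.CipherSuites = intermediateSuites // only consulted for TLS 1.2 handshakes
		if v < tls.VersionTLS12 {
			cfg.MinVersion = tls.VersionTLS12
		}
	}
	return cfg, nil
}

// Audit (hypothetical helper) reports what a reviewer would flag in an existing tls.Config.
func Audit(cfg *tls.Config) []string {
	var findings []string
	if cfg.MinVersion < tls.VersionTLS12 { // 0 means "Go's default", which varies by release
		findings = append(findings, "minimum version below TLS 1.2 (RFC 8996)")
	}
	for _, weak := range tls.InsecureCipherSuites() {
		for _, id := range cfg.CipherSuites {
			if id == weak.ID {
				findings = append(findings, "weak cipher suite "+weak.Name)
			}
		}
	}
	return findings
}

func main() {
	cfg, err := BuildTLSConfig("1.0", "intermediate")
	fmt.Println(cfg.MinVersion == tls.VersionTLS12, Audit(cfg), err)
}
```

With an echo server, the resulting `*tls.Config` would be assigned to the underlying `http.Server`'s `TLSConfig` field before the server starts listening.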