[arch-devops] HTTP/2 on Luna

Florian Pritz bluewind at xinu.at
Sun May 8 17:15:47 UTC 2016

On 08.05.2016 18:31, Pierre Schmitz wrote:
> I'd like to enable h2 on luna. Are there any objections?

If it doesn't cause any problems, no objection.

> ssl_prefer_server_ciphers on;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

I hope those are already set.


This enables different ciphers than those published by bettercrypto.org
which I believe we use. Especially it enables some DHE-DSS ciphers which
I don't know anything about. I'm assuming it's a different name for DSA,
but I wonder why those are not included in the bettercrypto suite.
Additionally your suite would enable ECDHE-ECDSA ciphers which are also
excluded by bettercrypto. Could you check why they specifically exclude
them and if their reasoning matters for us?

The bettercrypto.org list is `openssl ciphers
| tr ":" "\n"` while yours is `openssl ciphers

I also just eyeballed the lists. You may want to diff them just in case
I missed something.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20160508/bb067c81/attachment.asc>

More information about the arch-devops mailing list