April King
GitHub
Коммит
39a83d529c
|
|
@ -96,7 +96,7 @@ For services with clients that support TLS 1.3 and don't need backward compatibi
|
|||
* Rationale:
|
||||
** All cipher suites are [https://en.wikipedia.org/wiki/Forward_secrecy forward secret] and [https://en.wikipedia.org/wiki/Authenticated_encryption authenticated]
|
||||
** The cipher suites are all strong and so we allow the client to choose, as they will know best if they have support for hardware-accelerated AES
|
||||
** We recommend ECDSA certificates using P-256, as P-384 provides negligable improvements to security and Ed25519 is not yet widely supported
|
||||
** We recommend ECDSA certificates using P-256, as P-384 provides negligible improvements to security and Ed25519 is not yet widely supported
|
||||
|
||||
== <span style="color:orange;">'''Intermediate'''</span> compatibility (recommended) ==
|
||||
<p style="max-width: 60em;">For services that don't need compatibility with legacy clients, such as Windows XP or old versions of OpenSSL. This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.</p>
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче