View Single Post
  #3   (View Single Post)  
Old 8th October 2020
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 7,124

I'll guess an answer: probably. If I'm reading this correctly, the attack surface is an apparent weakness in the TLS 1.2 or older cryptographic protocols, and TLS 1.2 is still in active use.
  • The default cipher suite string used by both httpd(8) and relayd(8) is "HIGH:!aNULL". The "HIGH" suite of ciphers includes TLS 1.2. See both httpd.conf(5) and relayd.conf(5) for details.
  • To see the details of the protocols permitted by a cipher control string value, use $ openssl ciphers -v <string>. See the CIPHERS section of the openssl(1) man page and the DESCRIPTION section of the SSL_CTX_set_cipher_list(3) man page.
Reply With Quote