「OpenSSL/InternetWeek2014/CiphersIvanRistic」の編集履歴(バックアップ)一覧はこちら
追加された行は緑色になります。
削除された行は赤色になります。
* Qualys社 Ivan Ristic 氏のPFS対応おすすめ暗号スイートリスト
http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
> EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS
>
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ECDHE-ECDSA-AES256-GCM-SHA384)
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ECDHE-ECDSA-AES128-GCM-SHA256)
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDHE-RSA-AES256-GCM-SHA384)
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ECDHE-RSA-AES128-GCM-SHA256)
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (ECDHE-ECDSA-AES256-SHA384)
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (ECDHE-ECDSA-AES128-SHA256)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ECDHE-RSA-AES256-SHA384)
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ECDHE-RSA-AES128-SHA256)
> TLS_ECDHE_RSA_WITH_RC4_128_SHA (ECDHE-RSA-RC4-SHA)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ECDHE-RSA-AES256-SHA)
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ECDHE-ECDSA-AES256-SHA)
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ECDHE-RSA-AES128-SHA)
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ECDHE-ECDSA-AES128-SHA)
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (ECDHE-ECDSA-RC4-SHA)
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (DHE-RSA-AES256-GCM-SHA384)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (DHE-RSA-AES256-SHA256)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (DHE-RSA-AES256-SHA)
> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (DHE-RSA-CAMELLIA256-SHA)
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (DHE-RSA-AES128-GCM-SHA256)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (DHE-RSA-AES128-SHA256)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (DHE-RSA-AES128-SHA)
> TLS_DHE_RSA_WITH_SEED_CBC_SHA (DHE-RSA-SEED-SHA)
> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (DHE-RSA-CAMELLIA128-SHA)
> TLS_ECDH_RSA_WITH_RC4_128_SHA (ECDH-RSA-RC4-SHA)
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA (ECDH-ECDSA-RC4-SHA)
> TLS_RSA_WITH_RC4_128_SHA (RC4-SHA)
* Qualys社 Ivan Ristic 氏のPFS対応おすすめ暗号スイートリスト
http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
> OpenSSL系の設定パターン(改行は除く)
> EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+
> SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+
> aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS
>
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ECDHE-ECDSA-AES256-GCM-SHA384)
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ECDHE-ECDSA-AES128-GCM-SHA256)
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ECDHE-RSA-AES256-GCM-SHA384)
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ECDHE-RSA-AES128-GCM-SHA256)
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (ECDHE-ECDSA-AES256-SHA384)
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (ECDHE-ECDSA-AES128-SHA256)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ECDHE-RSA-AES256-SHA384)
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ECDHE-RSA-AES128-SHA256)
> TLS_ECDHE_RSA_WITH_RC4_128_SHA (ECDHE-RSA-RC4-SHA)
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ECDHE-RSA-AES256-SHA)
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ECDHE-ECDSA-AES256-SHA)
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ECDHE-RSA-AES128-SHA)
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ECDHE-ECDSA-AES128-SHA)
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (ECDHE-ECDSA-RC4-SHA)
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (DHE-RSA-AES256-GCM-SHA384)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (DHE-RSA-AES256-SHA256)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (DHE-RSA-AES256-SHA)
> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (DHE-RSA-CAMELLIA256-SHA)
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (DHE-RSA-AES128-GCM-SHA256)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (DHE-RSA-AES128-SHA256)
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (DHE-RSA-AES128-SHA)
> TLS_DHE_RSA_WITH_SEED_CBC_SHA (DHE-RSA-SEED-SHA)
> TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (DHE-RSA-CAMELLIA128-SHA)
> TLS_ECDH_RSA_WITH_RC4_128_SHA (ECDH-RSA-RC4-SHA)
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA (ECDH-ECDSA-RC4-SHA)
> TLS_RSA_WITH_RC4_128_SHA (RC4-SHA)