[pve-devel] [PATCH manager] support ECDHE ciphers
Jos Ewert
flami at flami.net
Mon Oct 31 19:16:40 CET 2016
Hi,
This patch adds elliptic curves to the HTTPserver.
That way pveproxy can now use ECDHE based ciphers
which are faster that DHE ciphers and provide the
same amount of perfect forward secrecy.
As the default settings of the pveproxy use the
HIGH ciphersuite, these ciphers will be used
automatically.
This also has the advantage that chrome now tells
the user that they use a strong key exchange as it
no longer uses RSA.
Most of the code from the patch is from a cpan
http2 example:
Protocol-HTTP2-1.07/examples/server-tls-anyevent.pl
as all it does is set a curve, I can't imagine much
that could be changed from that example.
Jos Ewert (1):
Add ECDH curves to use with modern ciphers
PVE/HTTPServer.pm | 7 +++++++
1 file changed, 7 insertions(+)
--
2.7.4
More information about the pve-devel
mailing list