[pve-devel] [PATCH manager] support ECDHE ciphers

Jos Ewert flami at flami.net
Mon Oct 31 19:16:40 CET 2016


Hi,

This patch adds elliptic curves to the HTTPserver.
That way pveproxy can now use ECDHE based ciphers 
which are faster that DHE ciphers and provide the
same amount of perfect forward secrecy.

As the default settings of the pveproxy use the 
HIGH ciphersuite, these ciphers will be used
automatically.

This also has the advantage that chrome now tells 
the user that they use a strong key exchange as it
no longer uses RSA.

Most of the code from the patch is from a cpan 
http2 example:

Protocol-HTTP2-1.07/examples/server-tls-anyevent.pl

as all it does is set a curve, I can't imagine much
that could be changed from that example.

Jos Ewert (1):
  Add ECDH curves to use with modern ciphers

 PVE/HTTPServer.pm | 7 +++++++
 1 file changed, 7 insertions(+)

-- 
2.7.4




More information about the pve-devel mailing list