[pve-devel] applied: [PATCH spiceterm/qemu-server] change Spice cipher suites
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Jan 31 13:42:49 CET 2017
On Wed, Jan 11, 2017 at 03:51:40PM +0100, Fabian Grünbichler wrote:
> the old one is woefully inadequate and no longer supported
> by the most recent OpenSSL version.
>
> I'd like to change this quickly now, and make it configurable
> via /etc/default/pveproxy or datacenter.cfg later on (so that
> people that know which cipher suites offer the right security
> vs. performance tradeoff for their machines can choose on
> their own, just like for the web interface).
>
> MEDIUM under Jessie's Openssl includes 3DES and friends, so
> that one is IMHO not a good choice, so the only two alternatives
> are either HIGH (as in the patches) or a long manually curated
> cipher suite string which we need to maintain (or we could just
> follow one like bettercrypto.org's compatibility one..).
More information about the pve-devel
mailing list