10 Jan 2014, 9:51 p.m.
Hi,
Is it possible to force the server cipher order instead of the client's preferences? When I connect with openssl using these ciphers:
'RC4-SHA:DHE-RSA-AES256-GCM-SHA384' -> RC4-SHA will be selected and with 'DHE-RSA-AES256-GCM-SHA384:RC4-SHA' -> DHE-RSA-AES256-GCM-SHA384
It seems to be recommended for webservers to override that due to bad client choices and increasing knowledge, like RC4 vs. BEAST, AES128 better (theoretical) than AES256.
Regards, Matthias