Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Some advice from the authors on how to properly deploy Diffie-Hellman:

https://weakdh.org/sysadmin.html




There's also https://cipherli.st/ which, imho, is better. What's really awful is the sets are similar yet almost disjoint, only agreeing on 4 cipher combos:

   DHE-RSA-AES128-GCM-SHA256
   DHE-RSA-AES128-SHA
   ECDHE-RSA-AES128-GCM-SHA256
   ECDHE-RSA-AES128-SHA
Personally I use the shorter "strong" config off cipherli.st


Our cipher recommendations on the Weak DH site come directly from Mozilla. See https://wiki.mozilla.org/Security/Server_Side_TLS#Recommende...


When I checked, I got 16 in common.

weakdh.org recommended 43, and cipherlist.st 16. cipherlist.st was a subset of the weakdh.org list.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: