Apps shouldn't let users enter OpenSSL cipher-suite strings(00f.net)
00f.net
Apps shouldn't let users enter OpenSSL cipher-suite strings
https://00f.net/2025/06/06/cipher-suites/
12 コメント
I'm not going to take security advice from someone whose website I can't open in https.
Clientside apps: definitly not
on Server side: i usually set an minimum tls version, The ciphers baseline of HIGH and removing some ciphers like sha1, CBC and any NULL Containing cipher
https://web.archive.org/web/20250606081030/https://00f.net/2... given this seems to not accept (most?) TLS handshakes...
Site won't load so I can't see if it's advocating no choices or a different mechanism or granularity for choices.
But, say, itsec banning some tls1.2 "for compatibility reasons" options is less drastic than itsec just banning tls1.2 from the company network entirely.
But, say, itsec banning some tls1.2 "for compatibility reasons" options is less drastic than itsec just banning tls1.2 from the company network entirely.
ruh roh... "no secure protocols supported", per https://www.ssllabs.com/ssltest/analyze.html?d=00f.net
Yes they should. Enough with this authoritarian user-hostile attitude. I can't even connect to your site as you reject my ClientHello, and I'm not going to figure out why.
"Those who can't do it teach it."
That's how I implemented it. Just with less checkboxes.
“Safari can’t open the page because it couldn’t establish a secure connection to the server.”
Irony or satire?
Irony or satire?
Does not load in Firefox