Best cipher restriction settings BEAST/LOGJAM/SWEET32
I'm trying to figure out what the best setup would be for the cipher restriction argument in order to solve some flaws we still have open.
I thought I could resolve most of the vulnerabilities by upgrading to the latest version of openssl (I have a test environment), but the tests performed showed that this was not the case.
Indeed, even though I updated to OpenSSL 1.1.0b 26 Sep 2016, which claims to have removed all DES vulnerable ciphers, I'm still able to perform an openssl s_client connection to my rabbitmq server using, for example, DES-CBC3-SHA.
The weird thing is that some of the 3DES ciphers of the encryption family were disabled and the handshake did not happen.
I'm not sure how to approach this situation. I thought RMQ Erlang sticks with the openssl version, for which reason I should have all the DES/3DES ciphers removed.