03-13-2014, 03:59 PM
Yil

They seem to agree with me. The key there is the ECDHE which ioFTPD already uses. Their suggestion to use ECDSA certs to force old sites to fail in negotiation is a good way to get people to upgrade but very annoying since it breaks compatibility... Is there a problem sending or receiving to new glftpd servers at the moment? I'm not aware of any issues there since I think ECDHE cipher (and not cert) support should be all that's needed for interoperability and that gets you the per-connection unique encryption which is the whole point of this.

I'll play around with a new OpenSSL library build just to see what happens. I already know from previous testing that we can get a speedup on newer processors avoiding the hand-coded assembly routines which my builds use. That doesn't seem right, but evidently they were hand coded for old processors and never updated LOL...
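An added example, not part of the original post and not ioFTPD or glftpd code: a small model of TLS 1.2 suite selection that separates the two properties the post distinguishes, the key exchange (ECDHE gives per-connection keys) and the certificate type (RSA vs ECDSA). It assumes the server picks by its own preference order; the suite lists and peer names are constructed.

```python
# Constructed model of TLS 1.2 cipher-suite selection, using OpenSSL suite names.
# It models only the two properties the post separates: key exchange and cert type.

def parse_suite(name):
    """Return (key_exchange, auth) for an OpenSSL TLS 1.2 suite name."""
    parts = name.split("-")
    if parts[0] in ("ECDHE", "DHE"):
        return parts[0], parts[1]      # ECDHE-RSA-..., ECDHE-ECDSA-..., DHE-RSA-...
    return "RSA", "RSA"                # e.g. AES256-SHA: static RSA key transport

def negotiate(server_prefs, server_cert_types, client_offer):
    """Pick the first server-preferred suite the client offers and the cert can serve."""
    for suite in server_prefs:
        _, auth = parse_suite(suite)
        if suite in client_offer and auth in server_cert_types:
            return suite
    return None                        # handshake failure: no shared usable suite

def forward_secret(suite):
    """True when the suite uses an ephemeral (per-connection) key exchange."""
    return suite is not None and parse_suite(suite)[0] in ("ECDHE", "DHE")

# Constructed sample configurations (hypothetical, not taken from any real daemon).
SERVER_PREFS = [
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES256-SHA",
]
ECDHE_RSA_PEER = ["ECDHE-RSA-AES256-GCM-SHA384", "AES256-SHA"]   # ECDHE, no ECDSA
LEGACY_PEER = ["AES256-SHA"]                                      # no ECDHE at all

def scenarios():
    """Run each cert type against each peer and return the chosen suite (or None)."""
    return {
        "rsa_cert/ecdhe_peer": negotiate(SERVER_PREFS, {"RSA"}, ECDHE_RSA_PEER),
        "rsa_cert/legacy_peer": negotiate(SERVER_PREFS, {"RSA"}, LEGACY_PEER),
        "ecdsa_cert/ecdhe_peer": negotiate(SERVER_PREFS, {"ECDSA"}, ECDHE_RSA_PEER),
        "ecdsa_cert/legacy_peer": negotiate(SERVER_PREFS, {"ECDSA"}, LEGACY_PEER),
    }

if __name__ == "__main__":
    for label, suite in scenarios().items():
        print(f"{label:24} -> {suite or 'handshake fails'} (PFS={forward_secret(suite)})")
```

With an RSA certificate the legacy peer still connects but without forward secrecy; with an ECDSA-only certificate every peer lacking ECDSA suites fails the handshake outright.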