Support strong TLS cipher suites for gitlab.labs.nic.cz

security

#1

Having the browser set to TLS 1.2 and 1.3 and limited to these strong cipher suites:

  • ecdhe_ecdsa_aes_256_gcm_sha384
  • ecdhe_ecdsa_aes_256_sha
  • ecdhe_ecdsa_chacha20_poly1305_sha256
  • ecdhe_rsa_aes_256_gcm_sha384
  • ecdhe_rsa_aes_256_sha
  • ecdhe_rsa_chacha20_poly1305_sha256

the connection with gitlab.labs.nic.cz fails:

Secure Connection Failed
An error occurred during a connection to gitlab.labs.nic.cz. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

Thus would appreciate that when the certificates gets renewed there would be support for those cipher suites.


#2

:astonished: AES < 256 is considered weak now?


#3

In my book it is but I would prefer this thread not going into a discussion about it but rather have the cipher suite support on the domain in question, similar to what is available on this forum.