Cipher security
As we have seen throughout this chapter, there are several algorithms for encryption, signing, and hashing. Each one offers a different security level, and each has known problems or could have problems discovered in the future. It is therefore important to understand which algorithms are good to use and which are not, and how to communicate that choice to your software.
The majority of installations today rely on OpenSSL for all SSL/TLS encryption and decryption. OpenSSL can inform you about what algorithms you can use and their security status. To do so, you can execute it as follows:
$ openssl ciphers DEFAULT
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH...
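The colon-separated names in that output encode the key exchange and the record protection of each suite. The following shell functions are an added example, not part of the original text or of OpenSSL; the function names and the sample list are assumptions made for illustration. They label each suite and count those lacking forward secrecy or authenticated encryption.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of OpenSSL.
# Only name patterns of the kind shown in the output above are recognised;
# anything else is reported as "unknown" rather than guessed.

# classify_suite NAME -> prints "<key exchange>,<record protection>"
classify_suite() {
    case "$1" in
        ECDHE-*|DHE-*) kx=ephemeral ;;  # new DH key per handshake: forward secrecy
        ECDH-*|DH-*)   kx=static ;;     # fixed DH key: no forward secrecy
        *)             kx=unknown ;;
    esac
    case "$1" in
        *-GCM-*|*-CCM*|*-CHACHA20-POLY1305*) enc=aead ;;  # authenticated encryption
        *-AES*|*-CAMELLIA*)                  enc=cbc ;;   # CBC mode with a separate HMAC
        *)                                   enc=unknown ;;
    esac
    printf '%s,%s\n' "$kx" "$enc"
}

# audit_list "A:B:C" -> one "<name> <kx>,<enc>" line per suite.
# The body runs in a subshell so the IFS change does not leak to the caller.
audit_list() (
    IFS=:
    for suite in $1; do
        printf '%s %s\n' "$suite" "$(classify_suite "$suite")"
    done
)

# count_flagged "A:B:C" -> number of suites that are not ephemeral + AEAD.
count_flagged() {
    audit_list "$1" | grep -vc ' ephemeral,aead$' || true
}

# Constructed sample: five names taken from the listing above.
SAMPLE="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384"

audit_list "$SAMPLE"
echo "flagged for review: $(count_flagged "$SAMPLE")"
# On a live system: audit_list "$(openssl ciphers DEFAULT)"
```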