
Yes, the Cloudflare advice does break Chrome PFS. With the defaults, Chrome shows:

    CAMELLIA_256_CBC, with SHA1 for message 
    authentication and DHE_RSA as the 
    key exchange mechanism.

By changing to the suggestion in the comments, the encryption downgrades to:

    The connection is encrypted using RC4_128,
    with SHA1 for message authentication and 
    RSA as the key exchange mechanism.


Yeah, I actually just noticed that Cloudflare was using nginx, so the Qualys scan was not indicative of the Cloudflare Apache setup. I apologize, I got distracted watching those genetic cars.



