Message214360
As I said earlier Antoine, doing that puts PFS RC4 before non PFS AES. That isn't good because RC4 key stream bias makes it extremely fragile. RC4 needs to be in the default ciphers for compatibility sake but it should be dead last so that it's only used as a last ditch effort because it should *not* be considered generally secure anymore. |
|
Date |
User |
Action |
Args |
2014-03-21 13:16:27 | dstufft | set | recipients:
+ dstufft, lemburg, ncoghlan, pitrou, vstinner, christian.heimes, benjamin.peterson, ezio.melotti, Arfrever, alex, r.david.murray |
2014-03-21 13:16:27 | dstufft | set | messageid: <1395407787.06.0.461598052403.issue20995@psf.upfronthosting.co.za> |
2014-03-21 13:16:27 | dstufft | link | issue20995 messages |
2014-03-21 13:16:26 | dstufft | create | |
|