SEMI-OT: Prohibiting RC4 Cipher Suites

Stefan Neufeind dane-users at
Fri Feb 20 19:42:02 CET 2015

On 02/20/2015 07:26 PM, Patrick Ben Koetter wrote:
> A little off topic for DANE users, but somehow in scope. You might consider
> disabling RC4 in your servers cipher suite. IETF released an RFC requiring
>    (...) that Transport Layer Security (TLS) clients and servers never
>    negotiate the use of RC4 cipher suites when they establish connections.
>    This applies to all TLS versions.  This document updates RFCs 5246, 4346,
>    and 2246.
>    -- Prohibiting RC4 Cipher Suites,

How about support (as a fallback) for older clients? How "safe" (no pun
intended) is it to disable as of today?

Kind regards,

More information about the dane-users mailing list