SEMI-OT: Prohibiting RC4 Cipher Suites

Andreas Fink afink at list.fink.org
Fri Feb 20 20:01:09 CET 2015


It's simple: fallback = a MITM attacker can force fallback = you're pwned...


> On 20 Feb 2015, at 19:42, Stefan Neufeind <dane-users at stefan-neufeind.de> wrote:
> 
> On 02/20/2015 07:26 PM, Patrick Ben Koetter wrote:
>> A little off topic for DANE users, but somehow in scope. You might consider
>> disabling RC4 in your server's cipher suite. IETF released an RFC requiring
>> 
>>   (...) that Transport Layer Security (TLS) clients and servers never
>>   negotiate the use of RC4 cipher suites when they establish connections.
>>   This applies to all TLS versions.  This document updates RFCs 5246, 4346,
>>   and 2246.
>>   -- Prohibiting RC4 Cipher Suites, https://tools.ietf.org/rfc/rfc7465.txt
> 
> How about support (as a fallback) for older clients? How "safe" (no pun
> intended) is it to disable as of today?
> 
> 
> Kind regards,
> Stefan




Andreas Fink

CEO DataCell ehf
CEO Backbone ehf

---------------------------------------------------------------
Tel: +41-61-6666330 Fax: +41-61-6666331  Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail:  andreas at fink.org
www.datacell.com, www.backbone.is, www.finkconsulting.com www.fink.org
---------------------------------------------------------------
Jabber/XMPP: andreas at fink.org
ICQ: 8239353 Skype: andreasfink

Support the reboot of the internet into secure mode: http://bootstrap.is




More information about the dane-users mailing list