On 9 September 2013 22:49, Stephen Farrell <stephen.farr...@cs.tcd.ie>wrote:
> > Hi Ben, > > On 09/09/2013 05:29 PM, Ben Laurie wrote: > > Perry asked me to summarise the status of TLS a while back ... luckily I > > don't have to because someone else has: > > > > http://tools.ietf.org/html/draft-sheffer-tls-bcp-00 > > > > In short, I agree with that draft. And the brief summary is: there's only > > one ciphersuite left that's good, and unfortunately its only available in > > TLS 1.2: > > > > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 > > I don't agree the draft says that at all. It recommends using > the above ciphersuite. (Which seems like a good recommendation > to me.) It does not say anything much, good or bad, about any > other ciphersuite. > > Claiming that all the rest are no good also seems overblown, if > that's what you meant. > Other than minor variations on the above, all the other ciphersuites have problems - known attacks, unreviewed ciphers, etc. If you think there are other ciphersuites that can be recommended - particularly ones that are available on versions of TLS other than 1.2, then please do name them.
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography