On 10 September 2013 03:59, james hughes <hugh...@mac.com> wrote: > > On Sep 9, 2013, at 2:49 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> > wrote: > > On 09/09/2013 05:29 PM, Ben Laurie wrote: > > Perry asked me to summarise the status of TLS a while back ... luckily I > don't have to because someone else has: > > http://tools.ietf.org/html/draft-sheffer-tls-bcp-00 > > In short, I agree with that draft. And the brief summary is: there's only > one ciphersuite left that's good, and unfortunately its only available in > TLS 1.2: > > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 > > I retract my previous "+1" for this ciphersuite. This is hard coded 1024 > DHE and 1024bit RSA. >
It is not hard coded to 1024 bit RSA. I have seen claims that some platforms hard code DHE to 1024 bits, but I have not investigated these claims. If true, something should probably be done.
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
