> In addition to removing the very-weak (less than 70 bits security) ciphers
> from the default list, this would be a good opportunity to reorder the default

I'd prefer to wait until TLS 1.3 is implemented, which has some definite (and rather strong :) feelings on the subject. Doing things like putting PFS first would greatly increase the computation load on servers and doesn't seem like the right thing to do as a quiet change. (But yes, moving RC4 down to LOW does seem to me like the right thing to do. :)

> To protect from the known RC4 repeated-plaintext vulnerability, one might
> consider adding rate limiting to some SSL/TLS protocol steps whenever RC4 is
> actually used.

The TLS WG looked at adding arbitrary padding as a record type. I hope it comes back. Maybe the fact that the next TLS WG interim meeting will be at INRIA, home of the triple-handshake attack and the padding proposal, will have some effect :)

--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org