Hi Ben, On 09/09/2013 05:29 PM, Ben Laurie wrote: > Perry asked me to summarise the status of TLS a while back ... luckily I > don't have to because someone else has: > > http://tools.ietf.org/html/draft-sheffer-tls-bcp-00 > > In short, I agree with that draft. And the brief summary is: there's only > one ciphersuite left that's good, and unfortunately its only available in > TLS 1.2: > > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
I don't agree the draft says that at all. It recommends using the above ciphersuite. (Which seems like a good recommendation to me.) It does not say anything much, good or bad, about any other ciphersuite. Claiming that all the rest are no good also seems overblown, if that's what you meant. S. > > > > _______________________________________________ > The cryptography mailing list > cryptography@metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography > _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography