It's simple: fallback = a MITM attacker can force fallback = you're pwned...
> On 20 Feb 2015, at 19:42, Stefan Neufeind <[email protected]> wrote:
>
> On 02/20/2015 07:26 PM, Patrick Ben Koetter wrote:
>> A little off topic for DANE users, but somehow in scope. You might consider
>> disabling RC4 in your server's cipher suite. IETF released an RFC requiring
>>
>> (...) that Transport Layer Security (TLS) clients and servers never
>> negotiate the use of RC4 cipher suites when they establish connections.
>> This applies to all TLS versions. This document updates RFCs 5246, 4346,
>> and 2246.
>> -- Prohibiting RC4 Cipher Suites, https://tools.ietf.org/rfc/rfc7465.txt
>
> How about support (as a fallback) for older clients? How "safe" (no pun
> intended) is it to disable as of today?
>
>
> Kind regards,
> Stefan

Andreas Fink
CEO DataCell ehf
CEO Backbone ehf
---------------------------------------------------------------
Tel: +41-61-6666330
Fax: +41-61-6666331
Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail: [email protected]
www.datacell.com, www.backbone.is, www.finkconsulting.com www.fink.org
---------------------------------------------------------------
Jabber/XMPP: [email protected]
ICQ: 8239353
Skype: andreasfink
Support the reboot of the internet into secure mode: http://bootstrap.is
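An added example, not part of the thread and not code from any of the posters: it audits an OpenSSL cipher policy string against the RFC 7465 rule quoted above by asking the local OpenSSL (via Python's ssl module) which suites the string actually selects, rather than trusting the string by eye. The two policy strings are assumed for illustration; the first is the kind of permissive list the "fallback for older clients" question is about, the second excludes RC4 outright.

```python
import ssl
from typing import List

# Assumed policy strings (not taken from the thread). The first keeps RC4
# reachable on an OpenSSL build that still ships it; the second forbids it,
# which is what RFC 7465 requires of both clients and servers.
LEGACY_POLICY = "ALL:!aNULL:!eNULL"
RFC7465_POLICY = "HIGH:!aNULL:!eNULL:!RC4:!MD5"


def allowed_suites(policy: str) -> List[str]:
    """Return the cipher-suite names the local OpenSSL would negotiate under
    `policy`. Returns [] when OpenSSL rejects the string because it selects
    no TLS 1.2 (or older) suite at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(policy)
    except ssl.SSLError:
        # OpenSSL reports "no cipher match" for an empty selection.
        return []
    # get_ciphers() also lists the fixed TLS 1.3 suites, none of which use RC4.
    return [c["name"] for c in ctx.get_ciphers()]


def rc4_suites_in(policy: str) -> List[str]:
    """Every suite the policy would still allow that uses RC4."""
    return [name for name in allowed_suites(policy) if "RC4" in name]


def complies_with_rfc7465(policy: str) -> bool:
    """True when the policy selects at least one suite and none of them is RC4."""
    suites = allowed_suites(policy)
    return bool(suites) and not rc4_suites_in(policy)


if __name__ == "__main__":
    for label, policy in (("legacy", LEGACY_POLICY), ("rfc7465", RFC7465_POLICY)):
        rc4 = rc4_suites_in(policy)
        print(f"{label:8} {policy!r}: {len(allowed_suites(policy))} suites, "
              f"RC4 suites: {rc4 or 'none'}, "
              f"RFC 7465 compliant: {complies_with_rfc7465(policy)}")
```

Note that on OpenSSL 3.x RC4 has been moved to the legacy provider, so even the permissive policy will report no RC4 suites there; that is not evidence that an older server build is clean, so run the audit with the OpenSSL the server actually links against. A string that selects nothing is treated as non-compliant rather than "safe", since a server handed such a list fails to start or falls back to its compiled-in default.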
