Brian,
On 7/1/2014 14:05, Brian Smith wrote:
I think, in parallel with that, we can figure out why so many sites
are still using TLS_ECDHE_*_WITH_RC4_* instead of
TLS_ECDHE_*_WITH_AES* and start the technical evangelism efforts to
help them. Cheers, Brian
The reason for sites choosing RC4 over AES_CBC might be due to the
various vulnerabilities against CBC mode, at least for sites that
support TLS 1.0 .
I think a more useful form of evangelism would be to get sites to stop
accepting SSL 3.0 and TLS 1.0 protocols.
Julien
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
