How much do we bet in $$$ that March 19. will be an RC4 related security bug?
On Sat, Mar 7, 2015 at 3:33 PM, Stuart Henderson <s...@spacehopper.org> wrote: > (ridiculous formatting adjusted) > > On 2015-03-06, someone <thisistheone8...@gmail.com> wrote: > > SUGGEST> THE> WORLD> TO> ONLY> USE> PERFECT> FORWARD> SECRECY> AND> > > REMOVE> ALL> THE> WEAK> CIPHERS> IN> LIBRESSL> AND> OPENSSL! > > > There is still not widespread support for PFS. Some of this is probably > due to use of old software for whatever reason (slackness? not wanting to > change something which has been tested?), some will be due to sites not > wishing to increase CPU use (which PFS does). > > I just tried a handful of online banking sites in the qualys checker. > Only *one* of the ones I tried (nice job triodos) supports PFS at all.
