> From: [email protected] On Behalf Of Viktor Dukhovni
> Sent: Monday, March 31, 2014 09:09
> To: [email protected]
> Subject: Re: Insecure DEFAULT cipher set
>
> On Mon, Mar 31, 2014 at 08:49:37AM -0400, Hubert Kario wrote:
> > Problem is that RC4 is providing comparable security to export grade suites.
> > It is essentially broken.
>
> The situation is not quite that dire, and the solution is not to
> *remove* RC4 from the DEFAULT cipherlist (breaking interoperability),
> but for servers to stop explicitly preferring it. OpenSSL has for a long
> time placed RC4 *last* in the medium cipherlist, which is about right.
>
<snip: qualys>
> The reason it is not last in practice is because some folks explicitly
> raise its priority for performance reasons, out of habit, or because
> of the various CBC attacks BEAST, CRIME, ...
>
Nitpick: BEAST and Lucky13 are CBC. CRIME and BREACH are compression
and are modestly worse for RC4 (or GCM).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
