13-year-old SSL/TLS Weakness Exposing Sensitive Data in Plain Text
http://thehackernews.com/2015/03/rc4-ssl-tls-security.html
On Tue, Mar 17, 2015 at 5:08 PM, someone thisistheone8...@gmail.com wrote:
How much do we bet in $$$ that March 19. will be an RC4 related security
bug?
On Sat, Mar
On Sat, 7 Mar 2015 14:33:20 + (UTC)
Stuart Henderson wrote:
I just tried a handful of online banking sites in the qualys checker.
Only *one* of the ones I tried (nice job triodos) supports PFS at all.
Cool, we opened an account with triodos last week too.
I always knew SSL allows DOS
How much do we bet in $$$ that March 19. will be an RC4 related security
bug?
On Sat, Mar 7, 2015 at 3:33 PM, Stuart Henderson s...@spacehopper.org
wrote:
(ridiculous formatting adjusted)
On 2015-03-06, someone thisistheone8...@gmail.com wrote:
SUGGEST THE WORLD TO ONLY USE PERFECT FORWARD
(ridiculous formatting adjusted)
On 2015-03-06, someone thisistheone8...@gmail.com wrote:
SUGGEST THE WORLD TO ONLY USE PERFECT FORWARD SECRECY AND
REMOVE ALL THE WEAK CIPHERS IN LIBRESSL AND OPENSSL!
There is still not widespread support for PFS. Some of this is probably
due to use of old
So I argued against ex.: RC4/*DES with the
https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
but nothing in reply came in as con this looks like a one-sided topic...
I still don't understand why couldn't we put the KNOWN weak ciphers in the
fucking trash.. do you really think
It's not about one person disabling weak ciphers, it's about more..
REMOVE the lame weak ciphers in LibreSSL/OpenSSL NOW! Don't let the world
use them anymore! Don't be that NSA sponsored weak pussy!
99.9% of new or updated servers won't use RC4, 3DES, MD5, etc.
SUGGEST THE WORLD
Your argument is that one website out of four wouldn't be able to
talk with a client only supporting PFS. It has been said that a lot
of these bad apples are bank servers, those who are not going to
upgrade anytime soon.
If you need PFS only, go ahead. I'm pretty sure it's only a matter of
On Fri, Mar 06, 2015 at 04:43:00PM +0100, someone wrote:
So I argued against ex.: RC4/*DES with the
https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
but nothing in reply came in as con this looks like a one-sided topic...
I still don't understand why couldn't we put the
On 6 March 2015 at 07:43, someone thisistheone8...@gmail.com wrote:
I still don't understand why couldn't we put the KNOWN weak ciphers in the
fucking trash.. do you really think servers that are installed nowadays are
still using RC4? WHAT A BRIGHT FUTURE. Cryptographers are shouting LOUDly
Hello,
---
Does LibreSSL support RSA export-grade keys? - FREAK Attack
Apple's SecureTransport and OpenSSL -- have a bug in them. This bug causes
them to accept RSA export-grade keys *even when the client didn't
I think that's a win.
What about PFS-only + HIGH ciphers?
On Wed, Mar 4, 2015 at 4:32 PM, Ted Unangst t...@tedunangst.com wrote:
someone wrote:
Does LibreSSL support RSA export-grade keys? - FREAK Attack
Export ciphers were deleted from LibreSSL last summer.
I think that's a win.
What about PFS-only + HIGH ciphers?
What about interoperability? It is too early to restrict LibreSSL to
PFS ciphersuites, alas.
Miod
Sometimes you have to break things to make it better
On Wed, Mar 4, 2015 at 5:13 PM, Miod Vallat m...@online.fr wrote:
I think that's a win.
What about PFS-only + HIGH ciphers?
What about interoperability? It is too early to restrict LibreSSL to
PFS ciphersuites, alas.
Miod
interoperable - you mean there is still software that really counts and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
On Wed, Mar 4, 2015 at 7:27 PM, Miod Vallat m...@online.fr wrote:
Sometimes you have to break things to make it better
Yes, and getting people to
On Thu, 5 Mar 2015, at 07:37 AM, someone wrote:
interoperable - you mean there is still software that really counts and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
On Wed, Mar 4, 2015 at 7:27 PM, Miod Vallat m...@online.fr wrote:
Sometimes you have to break
Sometimes you have to break things to make it better
Yes, and getting people to stop using LibreSSL because it suddenly is
not interoperable with anything would surely help a lot.
Instead, we are trying to get developers to try and use LibreSSL
provided libtls, which defaults to sane, strong
someone wrote:
Does LibreSSL support RSA export-grade keys? - FREAK Attack
Export ciphers were deleted from LibreSSL last summer.
They are just using what the software provides.
https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
This guy scanned Alexa's list of top 1,000,000 websites. At January 11
2014. 45% of them had TLS support.
1.23% of websites only accept 3DES, and 1.56% of websites only accept RC4.
PFS
interoperable - you mean there is still software that really counts and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
There are still idiots top-posting, why wouldn't there be idiots
misconfiguring TLS servers or not giving a damn?
Miod
On Thu, 5 Mar 2015, at 07:37 AM, someone wrote:
interoperable - you mean there is still software that really counts and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
On Wed, Mar 4, 2015 at 7:27 PM, Miod Vallat m...@online.fr wrote:
Sometimes you have to break
interoperable - you mean there is still software that really counts and
still cannot use/support HIGH ciphers? wow. What a world we live in.. :\
Look, stop being a child. There are plenty of discussions about this
topic in many places.