Andrei Popov wrote:
> Hi Brian,
>
> - Look at Windows Server 2012 and similar legacy products that are in
> widespread use, which don't support any PFS cipher suites except FFDHE.
>
> Windows Server 2012/Windows 8 support both TLS_ECDHE_ECDSA and
> TLS_ECDHE_RSA cipher suites: TLS
Chrome dropped TLS 1.2 DHE nearly five years ago now. I don't have data on
the current DHE-to-RSA conversion, but I can tell you what it was then.
When we put it under a fallback for measurement, only 2% of connections
negotiated DHE. Of that 2%, 95% used 1024-bit DHE. That means we really
only
Hi Brian,
* Look at Windows Server 2012 and similar legacy products that are in
widespread use, which don't support any PFS cipher suites except FFDHE.
Windows Server 2012/Windows 8 support both TLS_ECDHE_ECDSA and TLS_ECDHE_RSA
cipher suites: TLS Cipher Suites in Windows 8 - Win32 apps |
TLS_DHE is weak when used with interoperable key lengths. It also causes
interop issues due to several instances of under-specification (leading zeros,
lack of group negotiation). I'm in favor of deprecating TLS_DHE.
Cheers,
Andrei
-Original Message-
From: TLS On Behalf Of Martin