Unless things have changed, one of the issues is that in Apache, you cannot change the TLS cipher suite based on the version number. This is important because to ensure proper security, we'd want to make sure TLS 1.0 users only use RC4 while TLS 1.1 users only use a block cipher. Because this isn't supported, the only option we have is to just disable TLS 1.1 entirely. The ops team can correct me if this is at all incorrect.
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | [email protected]

On Mon, Jul 29, 2013 at 2:51 PM, C. Scott Ananian <[email protected]> wrote:

> That ssllabs link also shows that wikimedia has RC4 encryption enabled
> on SSL connections, which offers no real security. This is apparently
> related to the TLS 1.0 -vs- TLS 1.1/1.2 issue:
>
> https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
> --scott
>
> --
> (http://cscott.net)
>
> _______________________________________________
> Wikitech-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
