On Mon, Jul 29, 2013 at 11:51 AM, C. Scott Ananian <[email protected]>wrote:
> That ssllabs link also shows that wikimedia has RC4 encryption enabled > on SSL connections, which offers no real security. This is apparently > related to the TLS 1.0 -vs- TLS 1.1/1.2 issue: > > https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what > --scott > > Well, you can either be vulnerable to BEAST or to the less practical attack against RC4. TLS 1.1/1.2 clients should choose the strongest cipher, while SSL3/TLS1 clients are sent a preferred server list, specifying RC4 first. See: <http://wiki.nginx.org/HttpSslModule#ssl_prefer_server_ciphers>. - Ryan _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
