On Fri, Aug 16, 2013 at 9:47 PM, Tyler Romeo <[email protected]> wrote:
> To be fair, I'm really only talking about non-restrictive changes. For > example, right now we *only* have RC4. Rather than disable RC4 (which would > have consequences), I'm saying why haven't other normal ciphers been > enabled? Because the other TLS 1.0 ciphers are *even worse*. https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what I believe the solution is to enable TLS 1.2, which has been discussed before and is on the roadmap AFAIK. --scott -- (http://cscott.net) _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
