Re: [Twisted-Python] [Twisted] #6663: Allow CertificateOptions to set acceptable SSL ciphers
1. That there is a consensus on high quality ciphers: for example right now there are roughly two factions who agree what is the lesser evil: RC4 or AES-CBC.
No, it is now clear that RC4 is the greater evil. The browsers have deployed defenses against the "BEAST" attack on CBC (the defense is "1/n-1 record splitting"), and BEAST is an active attack which can only be used in some cases and which tends to leave evidence of the attempt. On the other hand, RC4 is apparently vulnerable to passive attacks, which are more serious.
(If I'm wrong and there actually *is* a faction who still prefers RC4 despite the recent results against it, I'd like to read about it!)
I’m not going to argue ciphers with you because you’re obviously right and I already wrote elsewhere that I’m going to fully defer to your judgement here.

To explain where the above came from and why, e.g., Qualys is still somewhat for RC4 as a fallback cipher: to the best of my knowledge[1], Apple’s desktop Safari browser *still* hasn’t activated record splitting in its latest version and is thus still vulnerable to BEAST (and doesn’t support TLS>1). But that’s probably enough of a corner case to ignore in the defaults and will hopefully resolve itself in Mavericks.

[1]: Mostly from https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-bro... and I’m not aware of any changes.
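The cipher policy the thread converges on (RC4 out, AEAD preferred, CBC tolerated now that browsers do 1/n-1 record splitting) can be expressed as an OpenSSL cipher string and audited. The following is an added example, not code from the ticket or from Twisted; it uses the standard-library `ssl` module as a stand-in for the `CertificateOptions` cipher setting the ticket asks for, and the sample suite names are constructed.

```python
import ssl

# Constructed sample of OpenSSL cipher-suite names, in the form they
# appear in SSLContext.get_ciphers() output or in handshake logs.
SAMPLE_SUITES = [
    "ECDHE-RSA-RC4-SHA",
    "RC4-MD5",
    "AES128-SHA",
    "ECDHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
]


def classify_suite(name):
    """Classify an OpenSSL suite name by its bulk cipher mode.

    'rc4'  : stream cipher with known passive biases; reject outright.
    'aead' : GCM/CCM/ChaCha20-Poly1305; no padding oracle, preferred.
    'cbc'  : block cipher in CBC mode; acceptable for clients that do
             1/n-1 record splitting or speak TLS 1.1+, which stops BEAST.
    """
    n = name.upper()
    if "RC4" in n:
        return "rc4"
    if "GCM" in n or "CCM" in n or "POLY1305" in n:
        return "aead"
    if "AES" in n or "CAMELLIA" in n or "DES" in n:
        return "cbc"
    return "other"


def audit_suites(names):
    """Return (rejected, cbc, aead) lists; unknown suites are rejected too."""
    names = list(names)  # may be a generator; we iterate it three times
    rejected = [s for s in names if classify_suite(s) in ("rc4", "other")]
    cbc = [s for s in names if classify_suite(s) == "cbc"]
    aead = [s for s in names if classify_suite(s) == "aead"]
    return rejected, cbc, aead


def audit_context(ctx):
    """Audit the suites a live ssl.SSLContext would actually offer."""
    return audit_suites(c["name"] for c in ctx.get_ciphers())


def restricted_context():
    """Server context in the spirit of the ticket: AEAD first, ECDHE-CBC
    allowed as a fallback, RC4 and anonymous/NULL/MD5 suites excluded."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(
        "ECDHE+AESGCM:ECDHE+CHACHA20:ECDHE+AES:!RC4:!aNULL:!eNULL:!MD5")
    return ctx
```

`audit_context(restricted_context())` returns an empty rejected list on any OpenSSL build where the cipher string is accepted, which is the check worth wiring into a startup self-test.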
Please disregard this mail; I mixed up the behavior of Roundup and Trac.
Feel free to comment on ticket #6663, though.
On 16.08.2013 at 08:19, Hynek Schlawack wrote:
Participants (1): Hynek Schlawack