-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/06/2013 01:13 PM, Perry E. Metzger wrote:
> Google is also now (I believe) using PFS on their connections, and > they handle more traffic than anyone. A connection I just made to > https://www.google.com/ came out as, TLS 1.2, RC4_128, SHA1, > ECDHE_RSA. There may be limits to how far they've deployed PFS on their user-facing services around the world at this time. I just accessed encrypted.google.com and Gmail from home, and here's what the Calomel SSL Validation add-on for Firefox (with HTTPS Finder and HTTPS-Everywhere, verified manually) and is telling me: Symmetric cipher RC4 (weak 10/49) Symmetric key length 128 bits (weak 8/19) Cert issued by Google, Inc, US SHA-1 with RSA @ 2048 bit (MODERATE 2/6) Manually keying https://www.google.com/ into my browser returned the same thing. Gmail shows me this: Symmetric cipher RC4 (weak 10/39) Symmetric key length 128 bits (weak 8/19) Cert issued by Google, Inc, US SHA-1 with RSA @ 2048 bit (MODERATE 2/6) https://www.google.com/analytics is returning the same as Gmail. Let's contrast this with ChaosPad: Symmetric cipher Camellia (STRONG 39/39) Symmetric key length 256 bits (STRONG 19/19) Cert issued by CAcert, Inc. SHA-1 with RSA @ 4096 bit (MODERATE 2/6) I'd be very interested in what other people see where they are. Alternatively, my browser's SSL/TLS configuration could be hosed, in which case I'm completely off base and probably need to torch my browser profile and start over. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Be the strange that you want to see in the world." --Gareth Branwyn -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlIqdHwACgkQO9j/K4B7F8Ez8QCg0BvBhYA5EFVrTRwEqUCJFh0Y Pd8AoJGg5Zg+sKL4NdK76JxcwT1Yvcmb =T/D2 -----END PGP SIGNATURE----- _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography