On Jan 7, 2014, at 11:24 AM, stef <s...@ctrlc.hu> wrote: > On Tue, Jan 07, 2014 at 11:18:45AM +0100, L. Aaron Kaplan wrote: >> 1. We will have three config options: cipher String A,B,C ( generic safe >> config, maximum interoperability (== this also makes the mozilla people >> happy then) and finally a super-hardened setting (with reduced >> compatibility)). > > lacking the context on >> this also makes the mozilla people happy then
There were some discussions on the bettercrypto list regarding also supporting Windows XP (which means RC4 or 3DES). And there was a very good argument that a *lot* of people still use XP and for many sites it is not an option to exclude them. On the other hand, WinXP is end of life. It's a hard choice.... So, I guess that was a really good reason and personally I don't see any reason so far to assume: > > if that refers to firefox lack of tlsv1.2 support, it's in there starting from > +24, but the mozilla people are still doing everything to maintain my > suspicion of being complicit with the nsa, so it's not advertised and disabled > by default. you can enable this in about:config where you set > security.tls.version.max to 3 > --- // L. Aaron Kaplan <kap...@cert.at> - T: +43 1 5056416 78 // CERT Austria - http://www.cert.at/ // Eine Initiative der nic.at GmbH - http://www.nic.at/ // Firmenbuchnummer 172568b, LG Salzburg
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography