On 02/20/2015 07:26 PM, Patrick Ben Koetter wrote: > A little off topic for DANE users, but somehow in scope. You might consider > disabling RC4 in your servers cipher suite. IETF released an RFC requiring > > (...) that Transport Layer Security (TLS) clients and servers never > negotiate the use of RC4 cipher suites when they establish connections. > This applies to all TLS versions. This document updates RFCs 5246, 4346, > and 2246. > -- Prohibiting RC4 Cipher Suites, https://tools.ietf.org/rfc/rfc7465.txt
How about support (as a fallback) for older clients? How "safe" (no pun intended) is it to disable as of today? Kind regards, Stefan
