On Tue, May 5, 2015 at 12:06 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
> On Tue, May 5, 2015 at 6:26 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> > On Tue, May 5, 2015 at 2:47 AM, Yann Ylavic <ylavic....@gmail.com> wrote:
> >> On Tue, May 5, 2015 at 3:19 AM, <wr...@apache.org> wrote:
> >>
> >> Also I'd suggest removing RC4 from the latter suite, it is not
> >> considered secure ([1]), and maybe replace it with "AES128-SHA256"
> >> (both secure and fast with SNI).
>
> Hmm, I meant AES-NI here (the CPU builtin instruction set), not SNI of
> course :p
>
> >>
> >> [1] http://www.isg.rhul.ac.uk/tls/
> >
> > It's branded as less secure as things stand. I'd be happy if we ripped that
> > example from all 2.2/2.4/trunk branches.
> >
> > That said, if you want to retain it, do you have benchmarks to point us at?
>
> E.g.
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Encryption-OpenSSL_Intel_AES-NI_Engine.html

Was hoping for md4 vs. aes128 comparisons, (and AES-NI isn't everywhere, but will be, soon enough).

While I agree md4 is less desirable, if we were going to make a recommendation, I'd go with favoring aes128 over md4 but retain md4 as a backup, in forced server preference. And label this a known-insecure configuration.