On 14/03/2024 15:15, Matus UHLAR - fantomas via mailop wrote:
Doesn't this mean that if we disable weak ciphers and exchanges, there are still some secure options left even with tls 1.0/1.1 ?
You'd be left with one (two-ish), ECDHE+CBC+SHA1+AES128 or AES256. CBC being the "weakest" part in that combination due to how hard it is to safely implement, but it's not broken (in theory) on its own (but caveats apply). Maybe also a couple with ARIA or CAMELLIA, but that's even rarer in terms of trying to be compatible. Shouldn't rely on DHE because it's a potential DoS risk or RSA KeX because it can't provide PFS. But disabling either has probably the biggest impact on backwards compatibility.
In the end there really aren't any that are good, there's only a few that are better than plaintext.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
