Hello,
On 15/03/2013 09:47, Huzaifa Sidhpurwala wrote:
> There are some recent research articles about attacks against RC4 in TLS.
> Some of these attacks were well known earlier, like the biases in the first 256
> bytes generated by the RC4 PRG; the newer research combines
> this with a statistical procedure to extract plaintext from ciphertext.
> I searched the openssl-dev archives, but it seems that there is
> no public discussion going on around this yet. Any idea if openssl
> is contemplating making changes to the RC4 protocol to make
> it safer?
You can't change the RC4 algorithm. If you change it, it's no longer RC4.
You could change the way RC4 is used in TLS. But if you do that, you'll
break interoperability with other TLS stacks.
> Of course a long/medium-term solution could be to switch to
> AEAD ciphersuites (AES-GCM for example). However, in the short
> term there could be other solutions like:
AES-GCM is possible right now. Just activate it on your server, and
capable clients will be happy with it.
> - Adding a random number of bytes to initial requests.
You'll break TLS compatibility.
> - Fragmenting the initial request into 1-byte fields so that
> the first 254 numbers are consumed.
In my understanding, after a fast read of RFC5246, this won't work.
If RC4 is finally considered weak (at last), just don't use it anymore.
Do you use DES on your server? I guess not.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
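The statistical attack the quoted message refers to (early-keystream biases in RC4 turned into plaintext recovery) can be reproduced on a small scale. The following is an added example written for this page, not code from the thread or from OpenSSL: it implements textbook RC4, measures the well-known bias of the second keystream byte towards 0 (about 1/128 instead of 1/256), and then runs a "broadcast" recovery, in which the same constructed plaintext is encrypted under many independent keys and the most frequent ciphertext byte at position 1 gives away the plaintext byte. Keys come from a seeded PRNG so the run is reproducible; the plaintext and key length are assumptions.

```python
# Added example, not from the openssl-dev thread or OpenSSL itself:
# the Mantin-Shamir bias in RC4's second keystream byte, and the
# broadcast-style plaintext recovery it enables. Plaintext is constructed;
# keys are 16 random bytes from a seeded PRNG (both are assumptions).
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling (KSA), then n bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _random_keys(count: int, seed: int, length: int = 16):
    """Independent keys from a seeded PRNG (reproducible, not secret)."""
    rng = random.Random(seed)
    for _ in range(count):
        yield bytes(rng.getrandbits(8) for _ in range(length))


def second_byte_zero_rate(trials: int = 20000, seed: int = 1) -> float:
    """Fraction of keys whose second keystream byte (index 1) is 0.
    An unbiased generator would give about 1/256; RC4 gives about 1/128."""
    zeros = sum(1 for k in _random_keys(trials, seed) if rc4_keystream(k, 2)[1] == 0)
    return zeros / trials


def broadcast_recover_second_byte(plaintext: bytes, trials: int = 16384, seed: int = 2) -> int:
    """Broadcast attack: the same plaintext is encrypted under `trials`
    independent keys and only the ciphertexts are kept. Since Z[1] == 0
    about twice as often as any other value, C[1] == P[1] is the most
    frequent ciphertext value at that position, so the mode of C[1] is P[1]."""
    counts = [0] * 256
    for key in _random_keys(trials, seed):
        ks = rc4_keystream(key, len(plaintext))
        ciphertext = bytes(p ^ z for p, z in zip(plaintext, ks))
        counts[ciphertext[1]] += 1
    return max(range(256), key=counts.__getitem__)


if __name__ == "__main__":
    print("P(Z[1] == 0) =", second_byte_zero_rate())
    secret = b"Cookie: s=42"  # constructed plaintext, e.g. a repeated HTTP header
    recovered = broadcast_recover_second_byte(secret)
    print("recovered P[1] = %r, actual P[1] = %r" % (bytes([recovered]), secret[1:2]))
```

The recovery works with a few thousand encryptions because the bias at this position is large; the research the message mentions extends the same idea to the weaker biases at later positions, which is why it needs far more ciphertexts. Note that the attack never touches the key: only the ciphertexts and the position of the target byte are needed.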
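The reply's practical advice (turn on AES-GCM on the server and stop offering RC4) comes down to a cipher-suite policy. The following is an added example, not code from the thread or from OpenSSL: it builds a server-side `ssl.SSLContext` in Python that offers only AEAD suites with (EC)DHE key exchange and explicitly excludes RC4, then checks what the context will actually negotiate. The cipher string is an assumed illustrative policy; the certificate paths are placeholders.

```python
# Added example, not from the openssl-dev thread or OpenSSL itself:
# a server TLS context that enables AES-GCM suites and drops RC4, plus a
# check of the resulting cipher list. The cipher string is an assumed policy.
import ssl

# ECDHE/DHE key exchange with AES-GCM only; RC4, NULL and MD5 excluded explicitly.
AEAD_ONLY = "ECDHE+AESGCM:DHE+AESGCM:!RC4:!aNULL:!eNULL:!MD5"


def make_server_context(certfile: str = None, keyfile: str = None) -> ssl.SSLContext:
    """Server context restricted to TLS 1.2+ and the AEAD_ONLY cipher policy.
    certfile/keyfile are placeholders; pass real paths to serve connections."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # GCM suites exist only in TLS 1.2+
    ctx.set_ciphers(AEAD_ONLY)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def offered_cipher_names(ctx: ssl.SSLContext) -> list:
    """Names of the suites this context will offer (TLS 1.3 suites included)."""
    return [c["name"] for c in ctx.get_ciphers()]


def offers_rc4(ctx: ssl.SSLContext) -> bool:
    return any("RC4" in name for name in offered_cipher_names(ctx))


def offers_only_aead(ctx: ssl.SSLContext) -> bool:
    """True if every offered suite is an AEAD suite (GCM, CCM or ChaCha20-Poly1305)."""
    return all(any(tag in name for tag in ("GCM", "CCM", "CHACHA20"))
               for name in offered_cipher_names(ctx))


def cipher_names_for(spec: str) -> list:
    """What a given OpenSSL cipher string selects on this build; [] if nothing.
    Useful to confirm that a legacy string such as 'RC4-SHA' is no longer usable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return []
    return offered_cipher_names(ctx)


if __name__ == "__main__":
    ctx = make_server_context()
    for name in offered_cipher_names(ctx):
        print(name)
    print("offers RC4:", offers_rc4(ctx))
    print("AEAD only:", offers_only_aead(ctx))
    print("what 'RC4-SHA:RC4-MD5' selects here:", cipher_names_for("RC4-SHA:RC4-MD5"))
```

`cipher_names_for("RC4-SHA:RC4-MD5")` returns an empty list on builds where RC4 has been compiled out or disabled, which is the state the reply argues for; on an older build it lists the RC4 suites that would still be negotiable, which is exactly what the policy string above refuses to offer.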