How prevalent is RC4 today? While web browsers still advertise RC4 cipher suites, how often do you see RC4 cipher suites advertised by the client and no AES or 3DES suites advertised? Does Akamai have any data on this? Maybe RC4 should now be disabled by default.
On 05/02/2014 09:49 AM, Salz, Rich wrote:
>> Steve, have you considered trimming the DEFAULT cipher list?
>> It's currently...
>> #define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
>> I wonder how many of these ciphers are actually ever negotiated in
>> real-world use.
> I'm forwarding a bit of internal discussion; hope it's useful. This is from
> one of our chief info-sec people:
> My weak opinion is that cipher brokenness is most important (so put 3DES and
> RC4 last, and the AEAD modes ahead of the MAC-then-encrypt modes), followed
> by hash strength, followed by PFS presence, followed by SHA and AES bit
> length. I think that would give us:
>
> ECDHE-ECDSA-AES256-GCM-SHA384
> ECDHE-ECDSA-AES256-GCM-SHA256
> ECDHE-ECDSA-AES128-GCM-SHA256
> ECDHE-RSA-AES256-GCM-SHA384
> ECDHE-RSA-AES128-GCM-SHA256
> AES256-GCM-SHA384
> AES128-GCM-SHA256
> ECDHE-ECDSA-AES256-SHA384
> ECDHE-ECDSA-AES256-SHA256
> ECDHE-ECDSA-AES128-SHA256
> ECDHE-RSA-AES256-SHA384
> ECDHE-RSA-AES128-SHA256
> AES256-SHA256
> AES128-SHA256
> AES128-SHA
> RC4-SHA
> DES-CBC3-SHA
>
> --
> Principal Security Engineer
> Akamai Technologies, Cambridge, MA
> IM: rs...@jabber.me; Twitter: RichSalz

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
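An added example (not code from the thread or from OpenSSL) that encodes the ranking policy quoted above as a sort key, emits the result as an OpenSSL cipher string, and includes a check for the RC4-only client case asked about at the top of the thread. Applying the four criteria literally puts hash strength ahead of PFS, so the non-PFS AES256-GCM-SHA384 lands above the PFS AES128-GCM suites, unlike the hand-ordered list. The name-parsing rules, the key tuple and the input list are this example's own assumptions.

```python
# Added example, not code from the thread: rank OpenSSL cipher-suite names by
# the policy the quoted message states, then emit an OpenSSL cipher string.
# Only the suite names are OpenSSL's; the parsing, the key tuple and the
# constructed input list are this example's assumptions.
import re

def features(name):
    """Attributes the stated policy ranks on: (broken, aead, hash_bits, pfs, key_bits)."""
    broken = "RC4" in name or "DES-CBC3" in name          # 3DES and RC4 go last
    aead = "-GCM-" in name                                 # AEAD ahead of MAC-then-encrypt
    pfs = name.startswith(("ECDHE-", "DHE-"))              # ephemeral key exchange
    m = re.search(r"AES(\d+)", name)
    key_bits = int(m.group(1)) if m else 0                 # RC4/3DES rank by brokenness, not bits
    m = re.search(r"SHA(\d*)$", name)
    hash_bits = int(m.group(1)) if m and m.group(1) else 160  # bare "SHA" is SHA-1
    return broken, aead, hash_bits, pfs, key_bits

def sort_key(name):
    """Lower tuples sort first; each element is a tie-break for the one before it."""
    broken, aead, hash_bits, pfs, key_bits = features(name)
    # Ties the message leaves open (e.g. ECDSA vs RSA) fall back to the name.
    return (broken, not aead, -hash_bits, not pfs, -key_bits, name)

def rank(suites):
    """Order suites by the policy; unknown names are not filtered, only ranked."""
    return sorted(suites, key=sort_key)

def cipher_string(suites):
    """Join an ordered list into the colon-separated form an OpenSSL cipher list uses."""
    return ":".join(suites)

def rc4_only(advertised):
    """The measurement asked about above: client offers RC4 but no AES or 3DES suite."""
    return any("RC4" in s for s in advertised) and not any(
        "AES" in s or "DES-CBC3" in s for s in advertised)

# Constructed input: suites named in the message, deliberately out of order.
SUITES = [
    "RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA",
    "ECDHE-ECDSA-AES256-GCM-SHA384", "AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA384",
    "AES128-SHA256", "ECDHE-ECDSA-AES128-SHA256", "AES256-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384", "AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256",
]

if __name__ == "__main__":
    for s in rank(SUITES):
        b, a, h, p, k = features(s)
        print(f"{s:32} broken={b!s:5} aead={a!s:5} sha={h} pfs={p!s:5} bits={k}")
    print(cipher_string(rank(SUITES)))
```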