On Thursday 05 January 2012, Mathieu Parent wrote:
The BEAST vulnerability [1] can be prevented by removing all CBC
ciphers from your list of allowed ciphers—leaving only the RC4
cipher.
I don't think we want to do that. The normal RC4 algorithms (i.e. not
ECDHE-*-RC4*) don't provide perfect
severity 654764 wishlist
tags 654764 +wontfix
thanks
2012/1/6 Stefan Fritsch s...@sfritsch.de:
On Thursday 05 January 2012, Mathieu Parent wrote:
The BEAST vulnerability [1] can be prevented by removing all CBC
ciphers from your list of allowed ciphers—leaving only the RC4
cipher.
I don't
Package: apache2
Version: 2.2.21-5
Hi,
The BEAST vulnerability [1] can be prevented by removing all CBC
ciphers from your list of allowed ciphers—leaving only the RC4
cipher.
But as this can break some old browsers that don't support RC4 (I
couldn't name one, sorry), I propose instead to pop
3 matches
Mail list logo