Re: [openssl-dev] Security of RC4 in TLS

2013-03-15 Thread Hanno Böck
On Fri, 15 Mar 2013 14:25:10 +0100 Erwann Abalea wrote: > Drop RC4 when possible, add AES-GCM with TLS1.1+ wherever you can, > upgrade software ASAP. AES-GCM needs TLS 1.2 - supported by pretty much zero browsers (but at least some activity recently in the Mozilla bugtracker). But I agree - go

Re: [openssl-dev] Security of RC4 in TLS

2013-03-15 Thread Erwann Abalea
On 15/03/2013 11:34, Huzaifa Sidhpurwala wrote: On Fri, Mar 15, 2013 at 3:39 PM, Erwann Abalea wrote: Bonjour, In my understanding, after a fast read of RFC5246, this won't work. If RC4 is finally considered weak (at last), just don't use it anymore. Do you use DES on your server? I guess n

Re: [openssl-dev] Security of RC4 in TLS

2013-03-15 Thread Huzaifa Sidhpurwala
Bonjour! On Fri, Mar 15, 2013 at 3:39 PM, Erwann Abalea wrote: > Bonjour, > In my understanding, after a fast read of RFC5246, this won't work. > > If RC4 is finally considered weak (at last), just don't use it anymore. Do > you use DES on your server? I guess no. Thanks for a quick reply. Perh

Re: [openssl-dev] Security of RC4 in TLS

2013-03-15 Thread Erwann Abalea
Bonjour, On 15/03/2013 09:47, Huzaifa Sidhpurwala wrote: There are some recent research articles about attacks against RC4 in TLS. Some of these attacks were well known earlier, like biases in the first 256 numbers generated from the RC4 PRG, the newer research combines this with statistical p