Martin Thomson <martin.thom...@gmail.com> wrote:
>
> The problem with DHE of course being that it uses the TLS 1.0 suites
> with the SHA1 MAC and with the MAC and encrypt in the wrong order.

I'm confused about what you are thinking here. In TLSv1.0 through TLSv1.2 inclusive, all of the TLS handshake messages, including the *KeyExchange handshake messages (with the exception of Finished) are in the clear and neither MACed nor encrypted, so the ordering MtE vs. EtM for the GenericBlockCipher record PDU seems quite irrelevant.

-Martin
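
The point made in this reply, as an added example that is not part of the original message: a Python sketch that walks one direction of a TLS 1.0 to 1.2 record stream and labels each record as cleartext or protected, showing ServerKeyExchange readable before ChangeCipherSpec and only Finished under record protection. The byte stream, placeholder bodies and helper names are constructed for illustration.

```python
import struct

# TLS record content types and handshake message types (RFC 5246).
CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            12: "ServerKeyExchange", 14: "ServerHelloDone",
            16: "ClientKeyExchange", 20: "Finished"}

def record(ctype, payload, version=0x0301):
    """Build one TLS record: 5-byte header followed by the fragment."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def handshake(msg_type, body):
    """Build a handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def classify(stream):
    """Label each record in one direction of a TLS <= 1.2 flow.

    Records up to and including ChangeCipherSpec are sent under the NULL
    cipher, so handshake headers are readable. Later records are opaque.
    """
    out, protected, pos = [], False, 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        frag = stream[pos + 5:pos + 5 + length]
        if len(frag) < length:
            raise ValueError("truncated record")
        pos += 5 + length
        if protected:
            out.append(("protected", ctype, None))
        elif ctype == HANDSHAKE:
            # One record may carry several handshake messages back to back.
            i = 0
            while i + 4 <= len(frag):
                mlen = int.from_bytes(frag[i + 1:i + 4], "big")
                out.append(("cleartext", ctype, HS_NAMES.get(frag[i], "unknown")))
                i += 4 + mlen
        else:
            out.append(("cleartext", ctype, None))
            protected = ctype == CHANGE_CIPHER_SPEC
    return out

# Constructed server-side flow; bodies are placeholder bytes, not real keys.
SERVER_FLOW = (record(HANDSHAKE, handshake(2, b"\x00" * 38))
               + record(HANDSHAKE, handshake(12, b"\x01" * 64) + handshake(14, b""))
               + record(CHANGE_CIPHER_SPEC, b"\x01")
               + record(HANDSHAKE, b"\xaa" * 48))  # encrypted Finished (opaque)
```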