John Mattsson <[email protected]> writes:

>There are many TLS 1.2 implementations supporting
>TLS_RSA_WITH_AES_128_CBC_SHA (Static RSA key exchange, AES-CBC in MtE
>composition, and SHA-1) just because it is MTI in RFC 5246.

Every time I've encountered RSA suites still used today (and it's not uncommon, e.g. in wholesale banking) it has nothing to do with RFC 5246 which the people using the suites barely know exists, let alone any MTI stuff buried in some appendix at the end which may as well be invisible. It's because of the "DHE bad" meme from a few years ago which resulted in people turning off all the DHE suites and so what was left standing was RSA.

So the lesson from this isn't "don't do MTI", it's "don't issue a blanket ban on an entire cipher family just because someone found one or two buggy implementations of it somewhere".

Peter.
