Hello WebKit friends, We're looking at dropping 3DES cipher suites from TLS. For us, this is just TLS_RSA_WITH_3DES_EDE_CBC_SHA. Looks like Safari additionally supports TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA and TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, which would also fall under that category.
After TLS 1.0 and 1.1 were removed, our metrics report a whole 0.00% of TLS connections using TLS_RSA_WITH_3DES_EDE_CBC_SHA. (And, of course, no sites use the other two in Chrome, since we don't support them in the first place.) For additionally background and motivation, see the blink-dev posting here. https://groups.google.com/a/chromium.org/g/blink-dev/c/RShdgyaDoX4/m/JikQYHPuBQAJ David
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
