On Fri, Aug 16, 2013 at 9:47 PM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
> To be fair, I'm really only talking about non-restrictive changes. For
> example, right now we *only* have RC4. Rather than disable RC4 (which would
> have consequences), I'm saying why haven't other normal ciphers been
> enabled?

Because the other TLS 1.0 ciphers are *even worse*.
https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-br…
I believe the solution is to enable TLS 1.2, which has been discussed
before and is on the roadmap AFAIK.
--scott
--
(http://cscott.net)