On Fri, Aug 2, 2013 at 7:23 PM, Anthony
<wikimail(a)inbox.org> wrote:
It seems that the ciphers which run in CBC mode,
at least, are padded.
Wikipedia currently seems to be set to use RC4 128. I'm not sure what,
if
any, padding is used by that cipher. But
presumably Wikipedia will
switch
to a better cipher if Wikimedia cares about
security.
We're currently have RC4 and AES ciphers in our list, but have RC4 listed
first and have a server preference list to combat BEAST. TLS 1.1/1.2 are
enabled and I'll be adding the GCM ciphers to the beginning of the list
either during Wikimania or as soon as I get back.
Rereading that it looks like I might have implied that Wikimedia didn't
care about security. That was absolutely not my intended implication.
Sorry about that.