On Fri, Aug 16, 2013 at 9:47 PM, Tyler Romeo tylerromeo@gmail.com wrote:
To be fair, I'm really only talking about non-restrictive changes. For example, right now we *only* have RC4. Rather than disable RC4 (which would have consequences), I'm saying why haven't other normal ciphers been enabled?
Because the other TLS 1.0 ciphers are *even worse*. https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-bro...
I believe the solution is to enable TLS 1.2, which has been discussed before and is on the roadmap AFAIK. --scott