Unless things have changed, one of the issues is that in Apache, you cannot
change the TLS cipher suite based on the version number. This is important
because to ensure proper security, we'd want to make sure TLS 1.0 users
only use RC4 while TLS 1.1 users only use a block cipher. Because this
isn't supported, the only option we have is to just disable TLS 1.1
entirely. The ops team can correct me if this is at all incorrect.
--
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
On Mon, Jul 29, 2013 at 2:51 PM, C. Scott Ananian <cananian(a)wikimedia.org> wrote:
That ssllabs link also shows that wikimedia has RC4 encryption enabled
on SSL connections, which offers no real security. This is apparently
related to the TLS 1.0 -vs- TLS 1.1/1.2 issue:
https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-br…
--scott
--
(http://cscott.net)
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l