[Wikimedia-l] Disinformation regarding perfect forward secrecy for HTTPS

Anthony wikimail at inbox.org
Sat Aug 3 13:19:05 UTC 2013


On Sat, Aug 3, 2013 at 4:19 AM, Ryan Lane <rlane at wikimedia.org> wrote:

> On Fri, Aug 2, 2013 at 7:23 PM, Anthony <wikimail at inbox.org> wrote:
> > It seems that the ciphers which run in CBC mode, at least, are padded.
> >  Wikipedia currently seems to be set to use RC4 128.  I'm not sure what,
> if
> > any, padding is used by that cipher.  But presumably Wikipedia will
> switch
> > to a better cipher if Wikimedia cares about security.
> >
>
> We're currently have RC4 and AES ciphers in our list, but have RC4 listed
> first and have a server preference list to combat BEAST. TLS 1.1/1.2 are
> enabled and I'll be adding the GCM ciphers to the beginning of the list
> either during Wikimania or as soon as I get back.
>

Rereading that it looks like I might have implied that Wikimedia didn't
care about security.  That was absolutely not my intended implication.
 Sorry about that.


More information about the Wikimedia-l mailing list