[146665] in cryptography@c2.net mail archive
Re: [Cryptography] People should turn on PFS in TLS
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Sep 6 13:24:27 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 6 Sep 2013 13:24:21 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: Ben Laurie <ben@links.org>
In-Reply-To: <CAG5KPzwhEshbcfk9Udr4GONG4pkWSFU80E0GpfPaoY5=4dvYYQ@mail.gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Fri, 6 Sep 2013 18:18:05 +0100 Ben Laurie <ben@links.org> wrote:
> On 6 September 2013 18:13, Perry E. Metzger <perry@piermont.com>
> wrote:
>
> > Google is also now (I believe) using PFS on their connections, and
> > they handle more traffic than anyone. A connection I just made to
> > https://www.google.com/ came out as, TLS 1.2, RC4_128, SHA1,
> > ECDHE_RSA.
> >
> > It would be good to see them abandon RC4 of course, and soon.
> >
>
> In favour of what, exactly? We're out of good ciphersuites.
I thought AES was okay for TLS 1.2? Isn't the issue simply that
Firefox etc. still use TLS 1.0? Note that this was a TLS 1.2
connection.
--
Perry E. Metzger perry@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
