[146673] in cryptography@c2.net mail archive
Re: [Cryptography] People should turn on PFS in TLS
daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri Sep 6 14:32:09 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130906132421.162f33ae@jabberwock.cb.piermont.com>
Date: Fri, 6 Sep 2013 18:56:51 +0100
From: Ben Laurie <ben@links.org>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============1997989523247143786==
Content-Type: multipart/alternative; boundary=047d7b673fb663837304e5bac348
--047d7b673fb663837304e5bac348
Content-Type: text/plain; charset=ISO-8859-1
On 6 September 2013 18:24, Perry E. Metzger <perry@piermont.com> wrote:
> On Fri, 6 Sep 2013 18:18:05 +0100 Ben Laurie <ben@links.org> wrote:
> > On 6 September 2013 18:13, Perry E. Metzger <perry@piermont.com>
> > wrote:
> >
> > > Google is also now (I believe) using PFS on their connections, and
> > > they handle more traffic than anyone. A connection I just made to
> > > https://www.google.com/ came out as, TLS 1.2, RC4_128, SHA1,
> > > ECDHE_RSA.
> > >
> > > It would be good to see them abandon RC4 of course, and soon.
> > >
> >
> > In favour of what, exactly? We're out of good ciphersuites.
>
> I thought AES was okay for TLS 1.2? Isn't the issue simply that
> Firefox etc. still use TLS 1.0? Note that this was a TLS 1.2
> connection.
>
Apart from its fragility, AES-GCM is still OK, yes. The problem is that
there's nothing good left for TLS < 1.2.
--047d7b673fb663837304e5bac348
Content-Type: text/html; charset=ISO-8859-1
<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 6 September 2013 18:24, Perry E. Metzger <span dir="ltr"><<a href="mailto:perry@piermont.com" target="_blank">perry@piermont.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Fri, 6 Sep 2013 18:18:05 +0100 Ben Laurie <<a href="mailto:ben@links.org">ben@links.org</a>> wrote:<br>
> On 6 September 2013 18:13, Perry E. Metzger <<a href="mailto:perry@piermont.com">perry@piermont.com</a>><br>
> wrote:<br>
><br>
> > Google is also now (I believe) using PFS on their connections, and<br>
> > they handle more traffic than anyone. A connection I just made to<br>
> > <a href="https://www.google.com/" target="_blank">https://www.google.com/</a> came out as, TLS 1.2, RC4_128, SHA1,<br>
> > ECDHE_RSA.<br>
> ><br>
> > It would be good to see them abandon RC4 of course, and soon.<br>
> ><br>
><br>
> In favour of what, exactly? We're out of good ciphersuites.<br>
<br>
</div></div>I thought AES was okay for TLS 1.2? Isn't the issue simply that<br>
Firefox etc. still use TLS 1.0? Note that this was a TLS 1.2<br>
connection.<br></blockquote><div><br></div><div>Apart from its fragility, AES-GCM is still OK, yes. The problem is that there's nothing good left for TLS < 1.2.</div><div><br></div></div></div></div>
--047d7b673fb663837304e5bac348--
--===============1997989523247143786==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============1997989523247143786==--