[haiku-bugs] Re: [Haiku] #11915: General cipher security level
- From: "ronald-scheckelhoff-trac" <trac@xxxxxxxxxxxx>
- Date: Fri, 20 Mar 2015 18:29:33 -0000
#11915: General cipher security level
----------------------------------------+----------------------------
Reporter: ronald-scheckelhoff-trac | Owner: axeld
Type: bug | Status: new
Priority: low | Milestone: Unscheduled
Component: Kits/Network Kit | Version: R1/Development
Resolution: | Keywords: cipher suites
Blocked By: | Blocking:
Has a Patch: 0 | Platform: All
----------------------------------------+----------------------------
Comment (by ronald-scheckelhoff-trac):
Replying to [comment:3 anevilyak]:
> Replying to [comment:2 waddlesplash]:
> > Personally, I don't really see why we should worry about this too
much. Yes, 40-bit is insecure, but then again the sites that support
2048-bit TLS will use that instead. So on that front it's not really an
issue.
>
> Except that's not the case, which is likely why this ticket was brought
up to begin with: http://www.kb.cert.org/vuls/id/243585
Yes, and some servers tend to pick lower security cipher suites because
they represent less overhead. Even Google will do this. Given a choice
between DHE-RSA-WITH-AES256-SHA384 and an RC4 suite, it'll pick the RC4
suite. It's the server that gets to choose from your submitted suite
list.
--
Ticket URL: <https://dev.haiku-os.org/ticket/11915#comment:4>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
Other related posts:
