#11915: General cipher security level
----------------------------------------+----------------------------
   Reporter:  ronald-scheckelhoff-trac  |      Owner:  axeld
       Type:  bug                       |     Status:  new
   Priority:  low                       |  Milestone:  Unscheduled
  Component:  Kits/Network Kit          |    Version:  R1/Development
 Resolution:                            |   Keywords:  cipher suites
 Blocked By:                            |   Blocking:
Has a Patch:  0                         |   Platform:  All
----------------------------------------+----------------------------

Comment (by ronald-scheckelhoff-trac):

 Replying to [comment:3 anevilyak]:
 > Replying to [comment:2 waddlesplash]:
 > > Personally, I don't really see why we should worry about this too
 > > much. Yes, 40-bit is insecure, but then again the sites that support
 > > 2048-bit TLS will use that instead. So on that front it's not really
 > > an issue.
 >
 > Except that's not the case, which is likely why this ticket was brought
 > up to begin with: http://www.kb.cert.org/vuls/id/243585

 Yes, and some servers tend to pick lower security cipher suites because
 they represent less overhead. Even Google will do this. Given a choice
 between DHE-RSA-WITH-AES256-SHA384 and an RC4 suite, it'll pick the RC4
 suite. It's the server that gets to choose from your submitted suite
 list.

--
Ticket URL: <https://dev.haiku-os.org/ticket/11915#comment:4>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
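The point in the comment above, that the server chooses from whatever list the client submits, shown as an added example (not part of the ticket and not Haiku's Network Kit code): a client restricts its offer with Python's `ssl` module, audits the result, and a modelled server that prefers cheap suites then has nothing weak to pick. The rule string, the 128-bit floor, the helper names and the constructed legacy offer and server preference list are assumptions made for illustration.

```python
import ssl

# Assumed client policy (not Haiku's): strong suites only, no anonymous/NULL,
# RC4, MD5 or 3DES; 128 bits is the assumed minimum symmetric strength.
CLIENT_RULES = "HIGH:!aNULL:!eNULL:!RC4:!MD5:!3DES"
MIN_BITS = 128
WEAK_MARKERS = ("RC4", "NULL", "EXP", "DES")

# Constructed sample data: an unrestricted legacy client offer and a server
# that orders its suites by lowest overhead first.
LEGACY_OFFER = {"RC4-SHA": 128, "EXP-RC4-MD5": 40,
                "ECDHE-RSA-AES128-GCM-SHA256": 128}
SERVER_PREF = ["RC4-SHA", "EXP-RC4-MD5", "ECDHE-RSA-AES128-GCM-SHA256"]


def client_context(rules=CLIENT_RULES):
    """Build a TLS client context that only offers suites matching `rules`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(rules)  # raises ssl.SSLError if nothing matches
    return ctx


def offered(ctx):
    """Map suite name -> symmetric strength in bits for the client's offer."""
    return {c["name"]: c["strength_bits"] for c in ctx.get_ciphers()}


def weak_offers(offer, min_bits=MIN_BITS):
    """Names in the offer that are below the floor or use a broken algorithm.

    The bit count alone is not enough: RC4-SHA reports 128 bits.
    """
    return sorted(name for name, bits in offer.items()
                  if bits < min_bits or any(m in name for m in WEAK_MARKERS))


def server_pick(server_pref, offer):
    """Model the server's choice: its first preference that the client offered."""
    for name in server_pref:
        if name in offer:
            return name
    return None  # no overlap: the handshake fails instead of downgrading


if __name__ == "__main__":
    hardened = offered(client_context())
    print("legacy client   ->", server_pick(SERVER_PREF, LEGACY_OFFER))
    print("hardened client ->", server_pick(SERVER_PREF, hardened))
    print("weak suites still offered:", weak_offers(hardened))
```
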