----- Original Message -----
> From: "Julien Pierre" <julien.pie...@oracle.com>
> To: "mozilla's crypto code discussion list"
> <dev-tech-crypto@lists.mozilla.org>
> Cc: mozilla-dev-tech-cry...@lists.mozilla.org
> Sent: Wednesday, 2 July, 2014 4:15:15 AM
> Subject: Re: Road to RC4-free web (the case for YouTube without RC4)
>
> Brian,
>
> On 7/1/2014 14:05, Brian Smith wrote:
> > I think, in parallel with that, we can figure out why so many sites
> > are still using TLS_ECDHE_*_WITH_RC4_* instead of
> > TLS_ECDHE_*_WITH_AES* and start the technical evangelism efforts to
> > help them. Cheers, Brian
> The reason for sites choosing RC4 over AES_CBC might be due to the
> various vulnerabilities against CBC mode, at least for sites that
> support TLS 1.0.

The problem is that to support AES-GCM and ECDHE you need the very newest of both Apache and OpenSSL. If you have an older Apache, you do get TLS 1.2 and you do get SHA-256 suites, but you can't use ECDHE. You also can't set a different cipher order for TLS1.1 and up and TLS1.0 and lower.

So a server that has an order like this:

DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
AES128-GCM-SHA256
AES128-SHA256
RC4-SHA
DHE-RSA-AES128-SHA
AES128-SHA

will negotiate RC4 with Firefox. About 2% of servers have such a configuration.

--
Regards,
Hubert Kario
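
Added example, not part of the original message: a small model of server-preference suite selection applied to the cipher order quoted above, showing which suite is picked per protocol version and what changes when RC4 is moved last. The two client offer lists are constructed for illustration (they are not any real browser's list), and the function names are hypothetical.

```python
# Added illustration: server-preference suite selection for the order quoted above.
SERVER_ORDER = [
    "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA256", "AES128-GCM-SHA256",
    "AES128-SHA256", "RC4-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA",
]
# Constructed client offers (assumptions, not any real browser's list).
CLIENT_WITHOUT_SERVER_TLS12_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
    "DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA",
]
CLIENT_WITH_ALL_SERVER_SUITES = list(SERVER_ORDER)


def tls12_only(suite):
    """GCM and SHA-256/384 MAC suites are defined for TLS 1.2 only."""
    return "GCM" in suite or suite.endswith(("SHA256", "SHA384"))


def negotiate(server_order, client_offer, version):
    """First suite in the server's order that the client offers and that
    the negotiated protocol version ("1.0", "1.1" or "1.2") permits."""
    for suite in server_order:
        if suite in client_offer and (version == "1.2" or not tls12_only(suite)):
            return suite
    return None


def shadowed_by_rc4(server_order):
    """Non-RC4 suites that a client offering RC4 can never be given,
    because an RC4 suite sits ahead of them in the single shared order."""
    first_rc4 = next((i for i, s in enumerate(server_order) if "RC4" in s), None)
    if first_rc4 is None:
        return []
    return [s for s in server_order[first_rc4:] if "RC4" not in s]


def rc4_last(server_order):
    """Same suites with RC4 moved to the end (order otherwise unchanged)."""
    return sorted(server_order, key=lambda s: "RC4" in s)


if __name__ == "__main__":
    for name, order in (("quoted order", SERVER_ORDER), ("RC4 last", rc4_last(SERVER_ORDER))):
        print(name, "shadowed:", shadowed_by_rc4(order))
        for ver in ("1.0", "1.2"):
            print(" ", ver, negotiate(order, CLIENT_WITHOUT_SERVER_TLS12_SUITES, ver),
                  negotiate(order, CLIENT_WITH_ALL_SERVER_SUITES, ver))
```

With RC4 moved last, TLS 1.0 clients receive a CBC suite instead, which is the trade-off the quoted message raises, since the same order applies to every protocol version.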