On Wed, Jul 2, 2014 at 5:28 AM, Hubert Kario <hka...@redhat.com> wrote:
> > On 7/1/2014 14:05, Brian Smith wrote:
> > > I think, in parallel with that, we can figure out why so many sites
> > > are still using TLS_ECDHE_*_WITH_RC4_* instead of
> > > TLS_ECDHE_*_WITH_AES* and start the technical evangelism efforts to
> > > help them. Cheers, Brian
> >
> > The reason for sites choosing RC4 over AES_CBC might be due to the
> > various vulnerabilities against CBC mode, at least for sites that
> > support TLS 1.0.
>
> Problem is that to support AES-GCM and ECDHE you need the very newest
> of both Apache and OpenSSL.
>
> If you have older Apache, you do get TLS 1.2 and you do get SHA-256
> suites, but you can't use ECDHE.

It depends on what distro you are using and how old of an Apache you are
talking about. Debian has shown it is relatively straightforward to backport
ECDHE support to Apache 2.2.x, so I think other distros will also be able to
do so. I'm sure it isn't a trivial effort, but it is definitely worthwhile to
do so.

> You also can't set different cipher order for TLS 1.1 and up and TLS 1.0
> and lower.

The software can be changed to add this feature, and those changes can be
backported.

> So a server that has order like this:
> DHE-RSA-AES128-GCM-SHA256
> DHE-RSA-AES128-SHA256
> AES128-GCM-SHA256
> AES128-SHA256
> RC4-SHA
> DHE-RSA-AES128-SHA
> AES128-SHA
>
> will negotiate RC4 with Firefox. Such configuration has about 2% of
> servers.

I understand. But, I think the best way of accommodating those servers is for
the server software vendor to provide a (semi-)automatic update that enables
the TLS_ECDHE_*_WITH_AES*_GCM_* cipher suites.

Cheers,
Brian

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
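As an added example, not code from the thread or from either poster: a small Python model of the cipher-suite selection the exchange above is about. The server preference list is the one quoted in the thread. The client offer is an assumption approximating what Firefox 30 sent in mid-2014 (ECDHE AES-GCM and CBC-SHA suites, RC4, but no DHE AES-GCM and no SHA-256 CBC suites). The `negotiate_per_version` function and its preference lists are hypothetical, modelling the per-version ordering the thread says Apache of that era could not express. With the quoted server order and server-preference selection, the model picks RC4-SHA; prepending ECDHE-RSA-AES128-GCM-SHA256 (the vendor update Brian proposes) fixes TLS 1.2 clients but, because that suite needs TLS 1.2, a TLS 1.0 client still lands on RC4, which is the case a per-version order would handle.

```python
"""Model of TLS cipher-suite selection under server preference order.

Added example; not code from the mailing-list thread. Server order is the one
quoted in the thread; the client list approximates Firefox 30 (an assumption).
"""
from typing import Dict, List, Optional, Sequence, Tuple

Version = Tuple[int, int]
TLS10: Version = (1, 0)
TLS12: Version = (1, 2)

# Suites that require TLS 1.2: SHA-256 HMAC (RFC 5246) and AES-GCM (RFC 5288).
TLS12_ONLY = {
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA256",
    "AES128-GCM-SHA256",
    "AES128-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
}

# Server preference order exactly as quoted in the thread (OpenSSL names).
SERVER_ORDER_FROM_THREAD: List[str] = [
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA256",
    "AES128-GCM-SHA256",
    "AES128-SHA256",
    "RC4-SHA",
    "DHE-RSA-AES128-SHA",
    "AES128-SHA",
]

# Assumed client offer, in client preference order, approximating Firefox 30:
# ECDHE AES-GCM only (no DHE AES-GCM), no SHA-256 CBC suites, RC4 near the end.
CLIENT_OFFER_FIREFOX_30: List[str] = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-SHA",
    "ECDHE-ECDSA-AES128-SHA",
    "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES256-SHA",
    "ECDHE-ECDSA-RC4-SHA",
    "ECDHE-RSA-RC4-SHA",
    "DHE-RSA-AES128-SHA",
    "DHE-DSS-AES128-SHA",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "AES256-SHA",
    "DES-CBC3-SHA",
    "RC4-SHA",
    "RC4-MD5",
]


def negotiate(server_prefs: Sequence[str], client_offer: Sequence[str],
              version: Version, honor_server_order: bool = True) -> Optional[str]:
    """Return the suite the server selects for a ClientHello at `version`.

    With honor_server_order (Apache SSLHonorCipherOrder on) the server walks its
    own list and takes the first suite the client also offered; otherwise it
    walks the client's list. Suites needing TLS 1.2 are skipped below TLS 1.2.
    """
    offered = set(client_offer)
    usable = [s for s in server_prefs if version >= TLS12 or s not in TLS12_ONLY]
    if honor_server_order:
        candidates = [s for s in usable if s in offered]
    else:
        candidates = [s for s in client_offer if s in usable]
    return candidates[0] if candidates else None


def negotiate_per_version(orders: Dict[Version, Sequence[str]],
                          client_offer: Sequence[str], version: Version) -> Optional[str]:
    """Hypothetical per-version preference lists (the feature the thread says
    is missing): use the list for the highest configured version <= `version`."""
    applicable = [v for v in orders if v <= version]
    if not applicable:
        return None
    return negotiate(orders[max(applicable)], client_offer, version)


# The vendor-side fix proposed in the reply: enable ECDHE AES-GCM and put it first.
SERVER_ORDER_WITH_ECDHE_GCM = ["ECDHE-RSA-AES128-GCM-SHA256"] + SERVER_ORDER_FROM_THREAD

# Hypothetical per-version orders: prefer CBC over RC4 for clients below TLS 1.2.
SERVER_ORDERS_PER_VERSION: Dict[Version, Sequence[str]] = {
    TLS10: ["DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA"],
    TLS12: SERVER_ORDER_FROM_THREAD,
}

if __name__ == "__main__":
    print("thread order, TLS 1.2:", negotiate(SERVER_ORDER_FROM_THREAD, CLIENT_OFFER_FIREFOX_30, TLS12))
    print("thread order, client pref:", negotiate(SERVER_ORDER_FROM_THREAD, CLIENT_OFFER_FIREFOX_30, TLS12, False))
    print("with ECDHE-GCM, TLS 1.2:", negotiate(SERVER_ORDER_WITH_ECDHE_GCM, CLIENT_OFFER_FIREFOX_30, TLS12))
    print("with ECDHE-GCM, TLS 1.0:", negotiate(SERVER_ORDER_WITH_ECDHE_GCM, CLIENT_OFFER_FIREFOX_30, TLS10))
    print("per-version, TLS 1.0:", negotiate_per_version(SERVER_ORDERS_PER_VERSION, CLIENT_OFFER_FIREFOX_30, TLS10))
```

The model makes the mechanism visible: RC4 is chosen not because the client prefers it but because every suite the server ranks above RC4-SHA is one this client does not offer, and server preference ordering is in effect. Turning server ordering off would hand the choice to the client (which picks DHE-RSA-AES128-SHA here), but that gives up control to every other client as well; adding the ECDHE AES-GCM suite at the top of the server list is the fix that keeps server ordering intact.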