On 2015-02-28 04:15, Kosuke Kaizuka wrote:
>> I also propose removing the following ciphersuite:
>> 000A TLS_RSA_WITH_3DES_EDE_CBC_SHA
>> because 3DES is a cipher that requires too much computing power compared to
>> AES, much more computer memory, lacks hardware acceleration on servers, is
>> rarely negotiated, has had its bit strength reduced below 128 bits, and its
>> removal is on track with avoiding (and eventually removing) RSA key exchange.
>> Additionally, the servers that support (or even prefer!) 3DES always support
>> some AES ciphersuite too.
>
> Some old servers offer only TLS_RSA_WITH_3DES_EDE_CBC_SHA and
> TLS_RSA_WITH_RC4_SHA. If TLS_RSA_WITH_3DES_EDE_CBC_SHA is removed,
> TLS_RSA_WITH_RC4_SHA will be used.

Yes, we do want to use 3DES with those servers and not RC4.
Kurt