[Cryptography] What TLS ciphersuites are still OK?
Stephen Farrell
stephen.farrell at cs.tcd.ie
Mon Sep 9 17:49:13 EDT 2013
Hi Ben,
On 09/09/2013 05:29 PM, Ben Laurie wrote:
> Perry asked me to summarise the status of TLS a while back ... luckily I
> don't have to because someone else has:
>
> http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
>
> In short, I agree with that draft. And the brief summary is: there's only
> one ciphersuite left that's good, and unfortunately its only available in
> TLS 1.2:
>
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
I don't agree the draft says that at all. It recommends using
the above ciphersuite. (Which seems like a good recommendation
to me.) It does not say anything much, good or bad, about any
other ciphersuite.
Claiming that all the rest are no good also seems overblown, if
that's what you meant.
S.
>
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
More information about the cryptography
mailing list