[Cryptography] What TLS ciphersuites are still OK?
Ben Laurie
ben at links.org
Tue Sep 10 09:01:17 EDT 2013
On 9 September 2013 22:49, Stephen Farrell <stephen.farrell at cs.tcd.ie>wrote:
>
> Hi Ben,
>
> On 09/09/2013 05:29 PM, Ben Laurie wrote:
> > Perry asked me to summarise the status of TLS a while back ... luckily I
> > don't have to because someone else has:
> >
> > http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
> >
> > In short, I agree with that draft. And the brief summary is: there's only
> > one ciphersuite left that's good, and unfortunately its only available in
> > TLS 1.2:
> >
> > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>
> I don't agree the draft says that at all. It recommends using
> the above ciphersuite. (Which seems like a good recommendation
> to me.) It does not say anything much, good or bad, about any
> other ciphersuite.
>
> Claiming that all the rest are no good also seems overblown, if
> that's what you meant.
>
Other than minor variations on the above, all the other ciphersuites have
problems - known attacks, unreviewed ciphers, etc.
If you think there are other ciphersuites that can be recommended -
particularly ones that are available on versions of TLS other than 1.2,
then please do name them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130910/b1cc1be4/attachment.html>
More information about the cryptography
mailing list