<div dir="ltr">On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie <span dir="ltr"><<a href="mailto:ben@links.org" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=ben@links.org&cc=&bcc=&su=&body=','_blank');return false;">ben@links.org</a>></span> wrote:<br>

<div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">

<div>And the brief summary is: there's only one ciphersuite left that's good, and unfortunately its only available in TLS 1.2:</div><div><br></div><div><pre style="font-size:1em;margin-bottom:0px;margin-top:0px">
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</pre>
</div></div></blockquote><div><br></div><div>A lot of people don't like GCM either ;) So we're screwed!</div><div><br></div><div>Well, aside from maybe this draft supporting Salsa20:</div><div><br></div><div><a href="http://tools.ietf.org/html/draft-josefsson-salsa20-tls-02">http://tools.ietf.org/html/draft-josefsson-salsa20-tls-02</a> </div>

</div><div><br></div>-- <br>Tony Arcieri<br>
</div></div>