[Cryptography] What TLS ciphersuites are still OK?

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue Sep 10 09:10:40 EDT 2013



On 09/10/2013 02:01 PM, Ben Laurie wrote:

>> Claiming that all the rest are no good also seems overblown, if
>> that's what you meant.
> 
> Other than minor variations on the above, all the other ciphersuites have
> problems - known attacks, unreviewed ciphers, etc.

There are issues, sure. And way too many ciphersuites certainly.

> If you think there are other ciphersuites that can be recommended -
> particularly ones that are available on versions of TLS other than 1.2,
> then please do name them.

Since they're talking about it now on the TLS wg list, I'll
leave that to them (and to folks who're qualified to figure if
the NIST, brainpool etc curves are ok, which doesn't include
me :-)

What I was pointing out is that there's a bit of a gap between
"no good" and "not what we'd recommend today." Since getting
rid of deployment of old stuff takes years, I think it's
better that we don't overstate the issues that do exist. But
I very much welcome Yaron's draft and hope it shoots along
quickly.

S.


