[Cryptography] POODLE vs short key

Carlos P charly_en_el_trabajo at yahoo.com
Mon Dec 29 07:33:54 EST 2014


Thank you, Rich, but the only thing that I can do is turn the available ciphersuites on or off. It is a dilemma; I am stuck on an old server version.
 

     On Wednesday, December 24, 2014 14:06:42, "Salz, Rich" <rsalz at akamai.com> wrote:
   

 > What do you think is worse to have enabled, POODLE or TLS with 56-bit keys?

Install the SCSV fallback. Modern clients (say those written shortly after the start of this century) will do TLS, older ones can use SSL, and you can avoid having the modern ones tricked into acting like older ones. The server-side code is pretty easy to do, and has been bundled into OpenSSL since the time of disclosure.

Note that this will catch many false positives because of network hiccups and browsers not always being able to tell when it's the network and when it's the server denying them.

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


   