RC4-based ciphers '''ought to be completely removed''' from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls
=== by Kroeckx on 15 December 2013 ===
The reason to keep RC4 or 3DES is to support Windows XP. Maybe 3DES should be kept instead since it's still considered secure but slow.
=== by ulfr on 15 December 2013 ===
See the discussion in https://bugzilla.mozilla.org/show_bug.cgi?id=927045.
Cryptographic strength is one of many parameters that we have to consider when hosting large-scale websites. Speed and resource consumption is another one. While 3DES could, theoretically, replace RC4, the difference in cost makes it tricky to do in practice. We are looking at ways to measure our CPU usage to see if it is feasible at all.
That being said, sites that don't want to support WinXP users can feel free to disable RC4, or swap it with 3DES.
== Page protection ==