Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
→Prioritization logic
No edit summary |
|||
| Line 122: | Line 122: | ||
# PFS ciphersuites are preferred, with ECDHE first, then DHE. | # PFS ciphersuites are preferred, with ECDHE first, then DHE. | ||
# AES 128 is preferred to AES 256. There has been [[http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html discussions]] on whether AES256 extra security was worth the cost, and the result is far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks. | # AES 128 is preferred to AES 256. There has been [[http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html discussions]] on whether AES256 extra security was worth the cost, and the result is far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks. | ||
# AES is preferred to RC4. [[#Attacks_on_TLS BEAST]] attacks on AES are mitigated in TLS 1.1 and above, and difficult to achieve in TLS1.0. In comparison, attacks on RC4 are not mitigated and likely to become more and more dangerous. | # AES is preferred to RC4. [[#Attacks_on_TLS|BEAST]] attacks on AES are mitigated in TLS 1.1 and above, and difficult to achieve in TLS1.0. In comparison, attacks on RC4 are not mitigated and likely to become more and more dangerous. | ||
= Mandatory discards = | = Mandatory discards = | ||