Re: alleged attack on TLS

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: alleged attack on TLS

From:	Nikos Mavrogiannopoulos
Subject:	Re: alleged attack on TLS
Date:	Wed, 21 Sep 2011 19:50:35 +0200
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Icedove/3.1.13

On 09/21/2011 07:43 PM, Chris Palmer wrote:

If you are using GnuTLS and want to prevent such attacks you can do
the following: * Make sure that TLS 1.1 or TLS 1.2 are not disabled
(gnutls enables them by default, but because of compatibility
issues with broken peers they are often disabled)

You can also use a non-CBC cipher suite, like RC4.


Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are
known for RC4 in TLS, I don't know if switching to it is a real solution.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

alleged attack on TLS, Nikos Mavrogiannopoulos, 2011/09/21
- Re: alleged attack on TLS, Chris Palmer, 2011/09/21
  - Re: alleged attack on TLS, Nikos Mavrogiannopoulos <=
    - Re: alleged attack on TLS, Chris Palmer, 2011/09/21

Prev by Date: Re: alleged attack on TLS
Next by Date: Re: alleged attack on TLS
Previous by thread: Re: alleged attack on TLS
Next by thread: Re: alleged attack on TLS
Index(es):
- Date
- Thread