|
From: | Nikos Mavrogiannopoulos |
Subject: | Re: alleged attack on TLS |
Date: | Wed, 21 Sep 2011 19:50:35 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Icedove/3.1.13 |
On 09/21/2011 07:43 PM, Chris Palmer wrote:
If you are using GnuTLS and want to prevent such attacks you can do the following: * Make sure that TLS 1.1 or TLS 1.2 are not disabled (gnutls enables them by default, but because of compatibility issues with broken peers they are often disabled)You can also use a non-CBC cipher suite, like RC4.
Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are known for RC4 in TLS, I don't know if switching to it is a real solution. regards, Nikos
[Prev in Thread] | Current Thread | [Next in Thread] |