[Twisted-Python] [Twisted] #6663: Allow CertificateOptions to set acceptable SSL ciphers

Hynek Schlawack hs at ox.cx
Fri Aug 16 00:19:10 MDT 2013


>>  1. That there is a consent on high quality ciphers: for example right
> now there are roughly two fractions who agree what is the lesser evil: RC4
> or AES-CBC.
> 
> No, it is now clear that RC4 is the greater evil. The browsers have
> deployed defenses against the "BEAST" attack on CBC (the defense is "1/n-1
> record splitting"), and BEAST is an active attack which can only be used
> in some cases and which tends to leave evidence of the attempt. On the
> other hand, RC4 is apparently vulnerable to passive attacks, which are
> more serious.
> 
> (If I'm wrong and there actually *is* a faction who still prefers RC4
> despite the recent results against it, I'd like to read about it!)

I’m not going to argue ciphers with you because you’re obviously right and I already wrote elsewhere that I’m going to full defer to your judgement here.

To explain where the above came from and eg. Qualys is still somewhat for RC4 as a fallback cipher: to the best of my knowledge[1], Apple’s desktop Safari browser ''still'' hasn’t activated record splitting in its latest version and is thus still vulnerable to BEAST (and doesn’t support TLS>1).  But that’s probably a corner case enough to ignore in the defaults and will hopefully resolve itself in Mavericks.

[1]: Mostly from https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what and I’m not aware of any changes.


More information about the Twisted-Python mailing list