Security/Server Side TLS: Difference between revisions

Jump to navigation Jump to search

Security/Server Side TLS (view source)

Revision as of 18:22, 15 October 2013

183 bytes added ,  15 October 2013
Mention new attack on RC4-based ciphers thanks to Steve Bellovin
(Mention new attack on RC4-based ciphers thanks to Steve Bellovin)
Line 130: Line 130:
# AES 128 is preferred to AES 256. There has been [[http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html discussions]] on whether AES256 extra security was worth the cost, and the result is far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks.
# AES 128 is preferred to AES 256. There has been [[http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html discussions]] on whether AES256 extra security was worth the cost, and the result is far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks.
# AES is preferred to RC4. [[#Attacks_on_TLS|BEAST]] attacks on AES are mitigated in TLS 1.1 and above, and difficult to achieve in TLS 1.0. In comparison, attacks on RC4 are not mitigated and likely to become more and more dangerous.
# AES is preferred to RC4. [[#Attacks_on_TLS|BEAST]] attacks on AES are mitigated in TLS 1.1 and above, and difficult to achieve in TLS 1.0. In comparison, attacks on RC4 are not mitigated and likely to become more and more dangerous.
# RC4-based ciphers '''ought to be completely removed''' from the list, better attacks are coming like this one: https://www.usenix.org/conference/usenixsecurity13/security-rc4-tls'


= Mandatory discards =
= Mandatory discards =
Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/729367"

Navigation menu