Re: TLS considering an rc4-die-die-die draft

To: Stephen Farrell <stephen.farrell%cs.tcd.ie@localhost>
Subject: Re: TLS considering an rc4-die-die-die draft
From: Damien Miller <djm%mindrot.org@localhost>
Date: Sun, 13 Apr 2014 21:18:53 +1000 (EST)

On Fri, 11 Apr 2014, Stephen Farrell wrote:

> 
> FYI. The TLS working group are thinking of adopting an
> rc4-die-die-die draft, that is to deprecate TLS ciphersuites
> that use RC4. Thread starts at [1], if you care about RC4
> please comment on that list, not here.
> 
> Someone however asked if SSH's used of RC4 ought also be
> deprecated at the same time, or not. Which could be done in
> the same document as the TLS one, or not.

OpenSSH will turn RC4 off soon - we're just trying to figure out how
to do it gently enough that working configurations don't suddenly break
yet firmly enough that people actually move to a better cipher.

We'll be recommending chacha20-poly1305%openssh.com@localhost as a replacment
where both ends upport it.

https://anongit.mindrot.org/openssh.git/tree/PROTOCOL.chacha20poly1305

-d

Follow-Ups:
- Re: TLS considering an rc4-die-die-die draft
  - From: Niels Möller
- Re: TLS considering an rc4-die-die-die draft
  - From: Stephen Farrell

References:
- TLS considering an rc4-die-die-die draft
  - From: Stephen Farrell

Prev by Date: Re: TLS considering an rc4-die-die-die draft
Next by Date: Re: Protocol ambiguity: want_reply vs CHANNEL_CLOSE
Previous by Thread: Re: TLS considering an rc4-die-die-die draft
Next by Thread: Re: TLS considering an rc4-die-die-die draft
Indexes:

Home | Main Index | Thread Index | Old Index