[ALUG] TLS RFC update.

Andreas Tauscher ta at geuka.net
Sat Feb 21 15:02:21 EAT 2015


Hi folks!

The IETF released a new RFC updating the TLS RFCs 5246, 4346 and 2246
https://tools.ietf.org/rfc/rfc7465.txt with the topic: "Prohibiting RC4
Cipher Suites"

[...]
RC4 is a stream cipher that is described in [SCH]; it is widely
supported, and often preferred by TLS servers.  However, RC4 has long
been known to have a variety of cryptographic weaknesses, e.g., see
[PAU], [MAN], and [FLU]. Recent cryptanalysis results [ALF] exploit
biases in the RC4 keystream to recover repeatedly encrypted
plaintexts.
[...]

In short: RC4 ciphers are now officially banned because of weaknesses and
having been broken for a while.

As a result, with the next updates the commonly used encryption libs
OpenSSL, GnuTLS, LibreSSL, PolarSSL... will disable RC4-based ciphers
by default or even entirely remove them.

This will mainly affect legacy clients running on Windows Server 2003
and XP using the system-provided schannel (Explorer, Office...) if they
have to communicate encrypted with external servers.
All other non-RC4-based ciphers that schannel provides on these legacy
systems are also banned or at least disabled on most systems.

Another head shot for these systems (still in use a year after EOL).

The author of this RFC is:
Andrei Popov
Microsoft Corp.
One Microsoft Way
Redmond, WA  98052
USA

;) They try really hard and everything to force users to upgrade.
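
Added example, not part of the original e-mail: the server-side rule from RFC 7465, section 2 (never select an RC4 suite; terminate the handshake when the client offers only RC4), applied in Python to the cipher_suites field of a ClientHello. The function names and the two sample offers are constructed for illustration; the code points are the IANA-registered RC4 suites.

```python
import struct

# IANA code points of the TLS cipher suites whose bulk cipher is RC4.
RC4 = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5", 0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA", 0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5", 0x0020: "TLS_KRB5_WITH_RC4_128_SHA",
    0x0024: "TLS_KRB5_WITH_RC4_128_MD5", 0x0028: "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
    0x002B: "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x008A: "TLS_PSK_WITH_RC4_128_SHA",
    0x008E: "TLS_DHE_PSK_WITH_RC4_128_SHA", 0x0092: "TLS_RSA_PSK_WITH_RC4_128_SHA",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA", 0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA", 0xC033: "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
}
# Signalling values that are not real cipher suites (renegotiation info, fallback).
SCSV = {0x00FF, 0x5600}


def parse_cipher_suites(field: bytes) -> list:
    """Decode the ClientHello cipher_suites field: uint16 length, then uint16 IDs."""
    if len(field) < 2:
        raise ValueError("truncated cipher_suites field")
    (length,) = struct.unpack("!H", field[:2])
    if length % 2 or length != len(field) - 2:
        raise ValueError("bad cipher_suites length")
    return list(struct.unpack("!%dH" % (length // 2), field[2:]))


def audit(field: bytes) -> dict:
    """Classify a client's offer against RFC 7465, section 2."""
    suites = [s for s in parse_cipher_suites(field) if s not in SCSV]
    rc4 = [RC4[s] for s in suites if s in RC4]
    usable = [s for s in suites if s not in RC4]
    if not rc4:
        verdict = "ok"                    # client already complies
    elif usable:
        verdict = "skip-rc4"              # server must pick from `usable` only
    else:
        verdict = "terminate-handshake"   # RC4-only offer: server must abort
    return {"rc4": rc4, "usable": usable, "verdict": verdict}


# Constructed offers (not captures from any real client).
MIXED = bytes.fromhex("0008" "0005" "0004" "000a" "00ff")
RC4_ONLY = bytes.fromhex("0006" "0005" "0004" "00ff")

if __name__ == "__main__":
    for name, offer in (("mixed", MIXED), ("rc4-only", RC4_ONLY)):
        print(name, audit(offer))
```

The "terminate-handshake" case is the one the e-mail warns about: a client whose only remaining enabled suites are RC4 can no longer connect to a compliant server.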
