Re: [RFC] Improved TLS Defaults

From:	Pádraic Brady	Date:	Wed, 29 Jan 2014 12:36:57 +0000
Subject:	Re: [RFC] Improved TLS Defaults
References:	1 2 3	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Daniel,

For those not overly familiar with attacks, here's a couple of references
for consideration:

http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html
http://www.isg.rhul.ac.uk/tls/Lucky13.html
(related to previous padded
oracle attack)

The Mozilla defaults are geared towards achieving perfect forward security
where possible (looks like IE and Safari have a way to go!) and it's
becoming more prominent with the NSA's activities.

The RFC, at a minimum, seems a positive change.

Paddy

--
Pádraic Brady

http://blog.astrumfutura.com
http://phpsecurity.readthedocs.org <http://www.survivethedeepend.com/>
Zend Framework Community Review Team
Zend Framework PHP-FIG Representative


   

Thread (7 messages)

• Daniel LowreyTue, 28 Jan 2014 21:50:52 +0000
  • Robert StollTue, 28 Jan 2014 22:00:52 +0000RE: [PHP-DEV] [RFC] Improved TLS Defaults
    • Daniel LowreyTue, 28 Jan 2014 22:05:23 +0000Re: [RFC] Improved TLS Defaults
      • Daniel LowreyTue, 28 Jan 2014 22:12:49 +0000
  • Yasuo OhgakiWed, 29 Jan 2014 02:39:16 +0000
    • Daniel LowreyWed, 29 Jan 2014 04:20:49 +0000
      • Pádraic BradyWed, 29 Jan 2014 12:36:57 +0000