really drop SSLv2
Darren Albers
dalbers at gmail.com
Sun Aug 8 21:47:22 BST 2010
One of the attacks against SSL is to break all the attempts to
negotiate a strong cipher leaving the endpoints to negotiate a weak or
hopefully null cipher (If the server supports a null cipher which I
hope is not the case). If you want a strong environment make sure
that the weakest cipher you support is still one you would feel safe
transmitting confidential information over.
On Thu, Aug 5, 2010 at 10:02 AM, Etienne Goyer
<etienne.goyer at canonical.com> wrote:
> On 10-08-04 06:05 PM, Kees Cook wrote:
>> Hi Jim,
>>
>> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>>> Why not kill the weak ciphers too?
>>
>> Sure! Can you send a patch for this?
>
> I do not really see the point. Since the client and the server will
> negotiate the strongest cipher they both support, what exactly would we
> gain by removing cipher considered weak?
>
>
> --
> Etienne Goyer
> Technical Account Manager - Canonical Ltd
> Ubuntu Certified Instructor - LPIC-3
>
> ~= Ubuntu: Linux for Human Beings =~
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>
More information about the ubuntu-devel
mailing list