[Pkg-openssl-devel] Bug#778747: Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used
Vincent Bernat
bernat at debian.org
Sat Feb 21 07:52:59 UTC 2015
❦ 20 February 2015 22:50 +0100, Kurt Roeckx <kurt at roeckx.be>:
> Please note that RC4 in the default configuration should never be
> negotiated by modern clients and servers. The problem is
> administrators who think they know better changed something not to
> use the defaults. If we adjust the defaults it's not going to fix
> anything.
Many administrators don't use the defaults because the defaults are most
of the time inappropriate for a web server. At some time, RC4 was widely
advertised as the preferred cipher because it was immune to BEAST and
supported by all browsers from IE6.
--
Watch out for off-by-one errors.
- The Elements of Programming Style (Kernighan & Plauger)