User: Password:
Subscribe / Log in / New account

suggestion for webserver administrators.

suggestion for webserver administrators.

Posted Jul 25, 2013 18:38 UTC (Thu) by jeff_marshall (subscriber, #49255)
In reply to: suggestion for webserver administrators. by Richard_J_Neill
Parent article: Feds put heat on Web firms for master encryption keys (CNET)

Thanks for the clarification. I think my confusion stemmed from your use of "cipher" vs. "cipher suite"( i.e., ECHDE is a cipher, ECDHE-RSA-AES128-SHA256 is a cipher suite).

Ultimately, the problem appears to stem from the choices of which ciphers are grouped into suites in the SSL/TLS standards- many of the suites either pick a key agreement scheme without forward secrecy or a block cipher + mode vulnerable to BEAST.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds