[Operators] RC4 is broken, warning?
Thijs Alkemade
thijs at xnyhps.nl
Wed Jan 21 07:18:52 UTC 2015
> On 20 jan. 2015, at 12:16, Skhaen <skhaen at libwalk.so> wrote:
>
> Hi everyone,
>
> RC4 is broken since a loooooong time ago, can we have a critical warning
> for it on xmpp.net please?
>
> https://en.wikipedia.org/wiki/RC4#Security
>
> 19 mars 2013 - RC4 in TLS is Broken: Now What?
> https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
>
> 12 novembre 2013 - Microsoft - Security Advisory 2868725: Recommendation
> to disable RC4
> http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx
>
> Thx!
>
> Skhaen
>
Hi Skhaen,
Enabling RC with TLS 1.1+ currently caps you at A-. I see ssllabs have changed
their test on December 8 last year to cap this on B instead. I’ll update the
xmpp.net test next time I get around to it.
Regards,
Thijs Alkemade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150121/621a3ec2/attachment.sig>
More information about the Operators
mailing list