[Operators] RC4 is broken, warning?

Thijs Alkemade thijs at xnyhps.nl
Wed Jan 21 07:18:52 UTC 2015


> On 20 jan. 2015, at 12:16, Skhaen <skhaen at libwalk.so> wrote:
> 
> Hi everyone,
> 
> RC4 is broken since a loooooong time ago, can we have a critical warning
> for it on xmpp.net please?
> 
> https://en.wikipedia.org/wiki/RC4#Security
> 
> 19 mars 2013 - RC4 in TLS is Broken: Now What?
> https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
> 
> 12 novembre 2013 - Microsoft - Security Advisory 2868725: Recommendation
> to disable RC4
> http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx
> 
> Thx!
> 
> Skhaen
> 

Hi Skhaen,

Enabling RC with TLS 1.1+ currently caps you at A-. I see ssllabs have changed
their test on December 8 last year to cap this on B instead. I’ll update the
xmpp.net test next time I get around to it.

Regards,
Thijs Alkemade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150121/621a3ec2/attachment.sig>


More information about the Operators mailing list