[Operators] RC4 is broken, warning?

Skhaen skhaen at libwalk.so
Wed Jan 21 09:17:44 UTC 2015


Ah, good news!

Can you update it to pass to B if it's not only PFS please?

Skhaen

Le 21/01/2015 08:18, Thijs Alkemade a écrit :
> 
>> On 20 jan. 2015, at 12:16, Skhaen <skhaen at libwalk.so> wrote:
>>
>> Hi everyone,
>>
>> RC4 is broken since a loooooong time ago, can we have a critical warning
>> for it on xmpp.net please?
>>
>> https://en.wikipedia.org/wiki/RC4#Security
>>
>> 19 mars 2013 - RC4 in TLS is Broken: Now What?
>> https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
>>
>> 12 novembre 2013 - Microsoft - Security Advisory 2868725: Recommendation
>> to disable RC4
>> http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx
>>
>> Thx!
>>
>> Skhaen
>>
> 
> Hi Skhaen,
> 
> Enabling RC with TLS 1.1+ currently caps you at A-. I see ssllabs have changed
> their test on December 8 last year to cap this on B instead. I’ll update the
> xmpp.net test next time I get around to it.
> 
> Regards,
> Thijs Alkemade
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150121/be89a74e/attachment.sig>


More information about the Operators mailing list