alleged attack on TLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Sep 21 19:50:35 CEST 2011


On 09/21/2011 07:43 PM, Chris Palmer wrote:

>> If you are using GnuTLS and want to prevent such attacks you can do
>> the following: * Make sure that TLS 1.1 or TLS 1.2 are not disabled
>> (gnutls enables them by default, but because of compatibility
>> issues with broken peers they are often disabled)
> You can also use a non-CBC cipher suite, like RC4.

Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are
known for RC4 in TLS, I don't know if switching to it is a real solution.

regards,
Nikos




More information about the Gnutls-devel mailing list