alleged attack on TLS
nmav at gnutls.org
Wed Sep 21 19:50:35 CEST 2011
On 09/21/2011 07:43 PM, Chris Palmer wrote:
>> If you are using GnuTLS and want to prevent such attacks you can do
>> the following: * Make sure that TLS 1.1 or TLS 1.2 are not disabled
>> (gnutls enables them by default, but because of compatibility
>> issues with broken peers they are often disabled)
> You can also use a non-CBC cipher suite, like RC4.
Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are
known for RC4 in TLS, I don't know if switching to it is a real solution.
More information about the Gnutls-devel