Posted by Adam Langley, Software Engineer

A cipher suite name lists the algorithms a TLS connection uses; the list of cipher suites is maintained by the Internet Assigned Numbers Authority (IANA). Taking TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA as an example:

ECDHE: the key agreement mechanism (ephemeral elliptic-curve Diffie-Hellman).
RSA: the authentication mechanism.
AES_128_CBC: the cipher (AES with a 128-bit key in CBC mode).
SHA: the message authentication primitive (HMAC with SHA-1).
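The four-part naming scheme above, as an added example that is not code from the original post: a small parser that splits an IANA suite name into key exchange, authentication, cipher and hash, classifies the cipher construction (CBC, stream, AEAD) and maps it to the attack class this post goes on to discuss. The parser, its classification rules and the known_weakness helper are this example's own hypothetical code; the suite names it handles are real IANA identifiers.

```python
"""Split IANA-style TLS cipher suite names into their four components.

Added example (not code from the original post). The classification rules
are this example's own; they follow the naming shape the post describes:
TLS_<key exchange>_<authentication>_WITH_<cipher>_<hash>.
"""
from dataclasses import dataclass
from typing import Optional

# Tokens that mark an AEAD cipher: the MAC is built into the cipher and the
# trailing hash names the TLS PRF rather than an HMAC.
AEAD_MARKERS = ("GCM", "CCM", "POLY1305")
HASH_TOKENS = {"MD5", "SHA", "SHA256", "SHA384"}


@dataclass(frozen=True)
class CipherSuite:
    name: str
    key_exchange: str      # e.g. ECDHE, DHE, RSA (key transport), PSK
    authentication: str    # e.g. RSA, ECDSA, anon
    cipher: str            # e.g. AES_128_CBC, RC4_128, CHACHA20_POLY1305
    mode: str              # "AEAD", "CBC", "stream" or "null"
    hash_alg: str          # HMAC hash for CBC/stream suites, PRF hash for AEAD

    @property
    def forward_secret(self) -> bool:
        # Only ephemeral (EC)DH key agreement gives forward secrecy; RSA key
        # transport and static DH/ECDH do not.
        return self.key_exchange in ("ECDHE", "DHE")


def parse_cipher_suite(name: str) -> CipherSuite:
    """Parse e.g. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA; raise ValueError otherwise."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS_<kx>_<auth>_WITH_<cipher>_<hash> name: {name!r}")
    left, right = name[len("TLS_"):].split("_WITH_", 1)

    # Old export-grade names carry an EXPORT marker in the key exchange part;
    # it says nothing about the mechanism, so drop it before splitting.
    kx_tokens = [t for t in left.split("_") if not t.startswith("EXPORT")]
    if len(kx_tokens) == 1:
        # A single mechanism does both jobs, e.g. RSA key transport or PSK.
        kx = auth = kx_tokens[0]
    elif len(kx_tokens) == 2:
        kx, auth = kx_tokens
    else:
        raise ValueError(f"unrecognised key exchange/authentication part: {left!r}")

    cipher_tokens = right.split("_")
    hash_alg = cipher_tokens[-1]
    if hash_alg not in HASH_TOKENS or len(cipher_tokens) < 2:
        raise ValueError(f"unrecognised cipher/hash part: {right!r}")
    cipher = "_".join(cipher_tokens[:-1])

    if any(marker in cipher for marker in AEAD_MARKERS):
        mode = "AEAD"
    elif "CBC" in cipher:
        mode = "CBC"
    elif cipher.startswith("RC4"):
        mode = "stream"
    elif cipher == "NULL":
        mode = "null"
    else:
        raise ValueError(f"unrecognised cipher: {cipher!r}")
    return CipherSuite(name, kx, auth, cipher, mode, hash_alg)


def known_weakness(suite: CipherSuite) -> Optional[str]:
    """Map the suite's construction to the attack class discussed in the post."""
    return {
        "stream": "RC4 keystream biases",
        "CBC": "BEAST (chained IVs before TLS 1.1) and Lucky13 (MAC-then-encrypt timing)",
        "null": "no confidentiality at all",
        "AEAD": None,
    }[suite.mode]


if __name__ == "__main__":
    for n in ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA",
              "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"):
        s = parse_cipher_suite(n)
        print(f"{n}: {s.key_exchange}/{s.authentication}, {s.cipher} ({s.mode}), "
              f"{s.hash_alg}, forward secret={s.forward_secret}, "
              f"weakness={known_weakness(s)}")
```

Names without a _WITH_ part (the TLS 1.3 shape, which encodes no key exchange or authentication) are rejected rather than guessed at; the parser is deliberately limited to the format the post discusses.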
RC4

Statistical biases in RC4's keystream have been known for years [1][2][3][4] and were used to attack WEP, the original security standard for Wi-Fi. HTTPS was believed to be substantially unaffected by these results until Paterson et al compiled and extended them [5] and demonstrated that belief to be incorrect.

AES-CBC

BEAST was demonstrated by Duong and Rizzo in 2011 (although the idea was originally described by Rogaway in 1995). It exploits a flaw in the way that TLS prior to version 1.1 generated CBC initialization vectors: the IV for each record is the last ciphertext block of the previous record, so an attacker who can inject chosen plaintext into the connection knows the IV before the record is encrypted and can use it to test guesses for the contents of a block.

Lucky13 uses the fact that TLS servers take a slightly different amount of time to process different types of invalid TLS records. It is the first attack discussed here that requires a timing side-channel and is thus probabilistic.

AES-GCM

ChaCha20-Poly1305

Summary
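The IV-chaining flaw described under AES-CBC above, as an added simulation that is not code from the original post or from any TLS implementation. It goes beyond the post's one-sentence description: the attacker recovers a secret byte by byte, aligning each unknown byte to the end of a block whose other 15 bytes are already known, and the same attack is then run against per-record random IVs (the TLS 1.1 fix) to show why it stops working. The 16-byte Feistel toy cipher, the two channel classes, the attacker functions and the SECRET value are all this example's own constructions; only the chaining behaviour being exploited is TLS 1.0's.

```python
"""Simulate the BEAST chosen-plaintext attack on TLS 1.0-style CBC.

Added example, not code from the original post or any TLS stack. Everything
here (toy cipher, channels, attacker, SECRET) is a hypothetical construction.
"""
import hashlib
import hmac
import os

BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Four-round Feistel network with an HMAC-SHA256 round function.

    Stand-in for AES: CBC and the attack only need a keyed permutation of
    16-byte blocks. Not a cipher for real use.
    """
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


class Tls10CbcChannel:
    """CBC record layer whose IV for record n+1 is the last ciphertext block
    of record n, the TLS 1.0 behaviour BEAST exploits."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.next_iv = os.urandom(BLOCK)  # only the very first IV is secret

    def encrypt_record(self, plaintext: bytes) -> bytes:
        # Zero-pad to a block boundary; real TLS padding does not matter here
        # because the attack only compares whole blocks.
        padded = plaintext + b"\x00" * (-len(plaintext) % BLOCK)
        prev, out = self.next_iv, b""
        for i in range(0, len(padded), BLOCK):
            prev = toy_encrypt_block(self.key, xor(padded[i:i + BLOCK], prev))
            out += prev
        self.next_iv = prev  # chained IV: visible to anyone on the wire
        return out


class Tls11CbcChannel(Tls10CbcChannel):
    """The TLS 1.1+ fix: an unpredictable IV for every record."""

    def encrypt_record(self, plaintext: bytes) -> bytes:
        self.next_iv = os.urandom(BLOCK)
        return super().encrypt_record(plaintext)


def beast_recover(request, raw, nbytes: int) -> bytes:
    """Recover the first nbytes of the secret appended to every request.

    request(prefix) -> ciphertext of prefix + secret (the victim's browser
    sending a cookie); raw(pt) -> ciphertext of an attacker-chosen record on
    the same connection.
    """
    recovered = b""
    last = raw(b"\x00" * BLOCK)[-BLOCK:]  # learn the IV of the next record
    for k in range(nbytes):
        # Pick the prefix length so secret[k] is the last byte of a block
        # whose other 15 bytes are already known.
        p = (BLOCK - 1 - k) % BLOCK
        prefix = b"A" * p
        ct = request(prefix)
        b = (p + k) // BLOCK                      # index of the target block
        target = ct[b * BLOCK:(b + 1) * BLOCK]
        c_prev = ct[(b - 1) * BLOCK:b * BLOCK] if b else last
        last = ct[-BLOCK:]
        known = (prefix + recovered)[b * BLOCK:]  # 15 known bytes of that block
        for guess in range(256):
            block_guess = known + bytes([guess])
            # E(probe XOR last) == E(block_guess XOR c_prev) iff the guess is right
            probe = xor(xor(block_guess, c_prev), last)
            ct2 = raw(probe)
            last = ct2[-BLOCK:]
            if ct2[:BLOCK] == target:
                recovered += bytes([guess])
                break
        else:
            raise RuntimeError(f"no guess matched at byte {k}: IVs are not predictable")
    return recovered


# Constructed secret standing in for the session cookie a browser appends.
SECRET = b"session=7f3a9c1e2b4d6f8a0c1e;"


def run_attack(channel_cls=Tls10CbcChannel, nbytes: int = 20) -> bytes:
    channel = channel_cls(os.urandom(16))
    request = lambda prefix: channel.encrypt_record(prefix + SECRET)
    raw = lambda pt: channel.encrypt_record(pt)
    return beast_recover(request, raw, nbytes)


if __name__ == "__main__":
    print(run_attack())  # chained IVs: recovers the first 20 bytes of SECRET
    try:
        run_attack(Tls11CbcChannel)
    except RuntimeError as e:
        print("random IVs:", e)
```

Each byte costs at most 256 chosen records, which is what makes the attack practical once the attacker can push plaintext into the victim's connection. With an unpredictable per-record IV the probe's IV no longer cancels against the attacker's guess, so no guess ever matches and the attack fails on the first byte.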
2 comments:
Surely Google would want to update their XMPP ciphers too then - they are only offering RC4 ciphers right now: http://xmpp.net/result.php?domain=google.com&type=client#ciphers
Google Chrome supports RSA but not ECDSA. :(
I do like CHACHA20 and the POLY1305 move; unfortunately that set is not supported in openssl (yet)