Re: [TLS] Issue 56: AES as MTI

To: tls at ietf.org
Subject: Re: [TLS] Issue 56: AES as MTI
From: Mike <mike-list at pobox.com>
Date: Fri, 14 Sep 2007 14:17:20 -0700
Cc:
In-reply-to: <5E75C29FF611C298B79DC0E1@[10.1.110.5]>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <20070912231150.ED1D533C21@delta.rtfm.com> <65C7072814858342AD0524674BCA2CDB0D2E6E3E@rsana-ex-hq2.NA.RSA.NET> <20070912232636.2B5FE33C21@delta.rtfm.com> <5E75C29FF611C298B79DC0E1@[10.1.110.5]>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

As far as I can tell, the real-world MTI for SSL/TLS as deployed is RC4.


Yes, I've noticed this in my testing.  Many servers will pick RC4_MD5
even though it is last in my cipher list.  Examples are apple.com,
ibm.com, amazon.com, verisign.com.  When confronted with only AES
ciphers, most will negotiate it, but, for example, Verisign won't
(they do support 3DES though).

Mike

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] Issue 56: AES as MTI
  - From: Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI
  - From: Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI
  - From: Chris Newman

Prev by Date: Re: [TLS] Issue 56: AES as MTI
Next by Date: [TLS] RE: Review of draft-santesson-tls-gssapi-03
Previous by thread: Re: [TLS] Issue 56: AES as MTI
Next by thread: Re: [TLS] Issue 56: AES as MTI
Index(es):
- Date
- Thread

Re: [TLS] Issue 56: AES as MTI

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.