[Ach] Update adds new TLS cipher suites and changes cipher suite prioritiesin Windows 8.1 and Windows Server 2012 R2

Kurt Roeckx kurt at roeckx.be
Sun Apr 13 16:33:12 CEST 2014


On Sun, Apr 13, 2014 at 04:17:28PM +0200, Hanno Böck wrote:
> On Sun, 13 Apr 2014 15:29:55 +0200
> Kurt Roeckx <kurt at roeckx.be> wrote:
> 
> > On Sun, Apr 13, 2014 at 02:56:30PM +0200, Aaron Zauner wrote:
> > > http://support.microsoft.com/kb/2929781/en-us
> > 
> > ECDHE-RSA-AES*-GCM-SHA* still seems to be missing, which really is
> > the cipher we want.
> 
> One can have different opinions on that, at least as long as we don't
> have trustworthy elliptic curves defined.

But they do have ECDHE, and seem to put it on the top like all
browsers do.  But they don't have GCM.

I would like to see that everybody implements curve25519 for
ECDHE, and the TLS workgroup is working on making an RFC for that.

Gnome and firefox also prefer ECHDE-ECDSA, which I think they
shouldn't do.  I would prefer to use ECDHE-RSA with GCM and
curve25519.


Kurt




More information about the Ach mailing list