[Ach] Update adds new TLS cipher suites and changes cipher suite prioritiesin Windows 8.1 and Windows Server 2012 R2
Kurt Roeckx
kurt at roeckx.be
Sun Apr 13 16:33:12 CEST 2014
On Sun, Apr 13, 2014 at 04:17:28PM +0200, Hanno Böck wrote:
> On Sun, 13 Apr 2014 15:29:55 +0200
> Kurt Roeckx <kurt at roeckx.be> wrote:
>
> > On Sun, Apr 13, 2014 at 02:56:30PM +0200, Aaron Zauner wrote:
> > > http://support.microsoft.com/kb/2929781/en-us
> >
> > ECDHE-RSA-AES*-GCM-SHA* still seems to be missing, which really is
> > the cipher we want.
>
> One can have different opinions on that, at least as long as we don't
> have trustworthy elliptic curves defined.
But they do have ECDHE, and seem to put it on the top like all
browsers do. But they don't have GCM.
I would like to see that everybody implements curve25519 for
ECDHE, and the TLS workgroup is working on making an RFC for that.
Gnome and firefox also prefer ECHDE-ECDSA, which I think they
shouldn't do. I would prefer to use ECDHE-RSA with GCM and
curve25519.
Kurt
More information about the Ach
mailing list