[Ach] bettercrypto.org using non-optimal crypto?

Torsten Gigler torsten.gigler at owasp.org
Tue Jul 8 11:20:10 CEST 2014


Hi Alan,

May I suggest checking the ciphers that are active in your browser:
https://www.ssllabs.com/ssltest/viewMyClient.html
and providing the ciphers you get back from ssllabs.com.
(This is the expected standard for Chrome 34:
https://www.ssllabs.com/ssltest/viewClient.html?name=Chrome&version=34&platform=OS%20X )

According to ssllabs, the server 'bettercrypto.org' should choose:

  Chrome 34 / OS X  R   TLS 1.2   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   FS
  <https://www.ssllabs.com/ssltest/viewClient.html?name=Chrome&version=34&platform=OS%20X>

from the ciphers that your browser supports.

Kind regards
Torsten


2014-07-08 11:06 GMT+02:00 Aaron Zauner <azet at azet.org>:

> Hi Alan,
>
> Alan Orth wrote:
> > Thanks for the explanation, Pepi and Aaron.  The choices seem reasonable
> > now that you explained the logic.
> Short update on that; I asked Adam Langley from Google via Twitter
> yesterday why Chrome does not support a stronger HMAC. He pointed out
> that AES-CBC mode is still susceptible to the Lucky13 Attack, which I -
> to be honest - totally forgot about.  So your concern is valid.
>
> What I don't understand is why your Chrome did not negotiate for
> AES-GCM. On which platform are you testing this (OS and architecture)?
>
> Aaron
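
The following is an added example, not part of the original message or of the bettercrypto.org configuration. It shows why the client's offered cipher list decides the outcome: a server that enforces its own preference order picks the first suite on its list that the client also offers, so a client that offers no GCM suite ends up on CBC. The server preference list and both client offers are constructed for illustration, and the function names are hypothetical.

```python
"""Server-preference cipher selection over a client's offered suites."""

# Constructed server preference order (assumption: not bettercrypto.org's real config).
SERVER_PREFERENCE = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# Constructed client offers (assumption: illustrative, not real browser captures).
CLIENT_WITH_GCM = [
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
CLIENT_WITHOUT_GCM = [s for s in CLIENT_WITH_GCM if "_GCM_" not in s]


def select_suite(server_preference, client_offer):
    """Return the first server-preferred suite the client also offers, or None."""
    offered = set(client_offer)
    return next((s for s in server_preference if s in offered), None)


def describe(suite):
    """Derive forward secrecy and cipher mode from an IANA suite name."""
    key_exchange, _, bulk = suite[len("TLS_"):].partition("_WITH_")
    return {
        "suite": suite,
        "forward_secrecy": key_exchange.startswith(("DHE_", "ECDHE_")),
        "aead": "_GCM_" in bulk,
        "cbc": "_CBC_" in bulk,  # CBC is the mode the Lucky13 remark applies to
    }


def negotiate(client_offer, server_preference=SERVER_PREFERENCE):
    """Report the selected suite and whether the client offered any GCM suite."""
    chosen = select_suite(server_preference, client_offer)
    report = describe(chosen) if chosen else {"suite": None}
    report["client_offered_gcm"] = any("_GCM_" in s for s in client_offer)
    return report


if __name__ == "__main__":
    for name, offer in (("with GCM", CLIENT_WITH_GCM), ("without GCM", CLIENT_WITHOUT_GCM)):
        print(name, negotiate(offer))
```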