Thread:User talk:Ryan lane/TLS on Wikipedia/reply (4)


 * 1) Thanks, will have a look. What I am seeing is, client says if TLS1.2, we don't have RC4, then 3-DES is next in line. This is bad. I don't think I need to explain to you why. I also have other probing data from handshakes with server supported cipher suites in various sorting orders, where the choice does not fall correctly (as specified by the server). It's TLS1.1 related, may be a bug in the server software or your SSL stack and how it handles your particular choice of cipher suites, though.
 * 2) It's not. While it is true, you can have security with good performance, dropping to arithmetically weaker cipher suites is not the approach you should take. Your "trade-offs" lower the effort required to circumvent it. And that's definitely not good.
 * 3) It's not absurd to use a non-standard method to achieve the same result, especially with limited compatibility, but I am starting to have serious doubts you even care.

I don't need you to help me learn, you don't even know who I am, and from what I can tell you are beyond incompetent in understanding the matter at hand anyway. And with that attitude, you surely aren't going to win against the NSA (and all the others I'm sure you don't really care for). I wish you the best of luck in doing nothing and leaving everyone hanging out to dry. If you change your mind, I'm easy to find.
 * 1) Do you mean this? Number 3 is a really bad idea, number 5 is completely misguided, enabling it is surely better than leaving it off, and number 1 and 6 will leave China hanging, you shouldn't do that to the Chinese Wikipedia (at least not for those on IPv4).