by hannob 3065 days ago
> Why still support the TLS_RSA_* ciphers, given that they, unlike TLS 1.1, have a known vulnerability?

TLS 1.1 also has known by-design vulnerabilities. It only supports two cipher modes, RC4 and CBC/HMAC. The first is vulnerable to biases, the second to padding oracles + Lucky 13.

Yeah, padding oracles can be avoided by implementing crazy, complicated countermeasures. Same is true for TLS_RSA. (Though I do agree that TLS_RSA is probably more problematic.)

1 comments

So ... why do they continue with tls_rsa? Is it required because of middleboxes lagging behind?