by davidben
4059 days ago
SSLLabs capping server scores for just supporting RC4 is kind of silly. The server gets to pick the cipher and the Finished message authenticates the rest of the handshake. So long as the key exchange portion is strong enough (and that's orthogonal to the bulk cipher, although if you're supporting XP, that's probably plain RSA and not ECDHE_RSA), the handshake has downgrade protection. You can securely[1] negotiate GCM with modern browsers while still accepting legacy things for older ones. Just order your ciphers right.

[1] I'm handwaving the version fallback. You'll want to also support FALLBACK_SCSV, which SSLLabs also checks for, until that thing is gone for good.
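An added sketch, not part of the comment above, of the two server-side decisions it mentions: choosing the suite by server preference order, and refusing an unnecessary version fallback when the client sends TLS_FALLBACK_SCSV (RFC 7507). The suite IDs are the IANA values; the preference list, the `negotiate` helper and the ClientHello contents are constructed for illustration.

```python
# Added example: server-preference suite selection plus the RFC 7507 check.
TLS_FALLBACK_SCSV = 0x5600
SUITES = {
    0xC02F: "ECDHE-RSA-AES128-GCM-SHA256",
    0x002F: "AES128-SHA",
    0x0005: "RC4-SHA",
}
# Assumed server preference: AEAD first, RC4 last (kept for legacy clients).
SERVER_PREFERENCE = [0xC02F, 0x002F, 0x0005]
SERVER_MAX_VERSION = 0x0303  # TLS 1.2


class HandshakeAlert(Exception):
    """Fatal alert the server would send instead of a ServerHello."""


def negotiate(client_version, client_suites, preference=SERVER_PREFERENCE):
    """Return (version, suite name) the server would choose, or raise an alert."""
    offered = set(client_suites)
    # RFC 7507: the SCSV marks a retry at a lowered version. If the server
    # supports a higher version, the downgrade was unnecessary: refuse it.
    if TLS_FALLBACK_SCSV in offered and client_version < SERVER_MAX_VERSION:
        raise HandshakeAlert("inappropriate_fallback")
    version = min(client_version, SERVER_MAX_VERSION)
    # Walk the server's list, not the client's: the client order is ignored.
    for suite in preference:
        if suite not in offered:
            continue
        # AEAD (GCM) suites are defined only for TLS 1.2 and later.
        if suite == 0xC02F and version < 0x0303:
            continue
        return version, SUITES[suite]
    raise HandshakeAlert("handshake_failure")


# Constructed ClientHello contents: (client_version, suites in client order).
MODERN = (0x0303, [0x0005, 0x002F, 0xC02F])   # lists RC4 first, still gets GCM
LEGACY = (0x0301, [0x0005, 0x000A])           # TLS 1.0 client without GCM
FALLBACK_RETRY = (0x0301, [0xC02F, 0x002F, 0x0005, TLS_FALLBACK_SCSV])
# A misordered server list hands RC4 to a client that could have used GCM.
MISORDERED = [0x0005, 0x002F, 0xC02F]
```

Calling `negotiate(*MODERN, preference=MISORDERED)` shows the failure the ordering advice is meant to avoid: the same modern client ends up on RC4.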