SSL ciphers, disable or not to disable RC4?
Jeffrey Walton
noloader at gmail.com
Thu Jan 9 09:52:35 UTC 2014
On Thu, Jan 9, 2014 at 4:29 AM, <Pekka.Panula at sofor.fi> wrote:
> Hi
>
> My current values in my nginx configuration for ssl_protocols/ciphers what i
> use is this:
>
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers RC4:HIGH:!aNULL:!MD5;
> ssl_prefer_server_ciphers on;
>
> What are todays recommendations for ssl_ciphers option for supporting all
> current OSes and browsers, even Windows XP users with IE?
> Can i disable RC4?
>
The paper of interest is from AlFardan, Bernstein, et al: "On the
Security of RC4 in TLS and WPA"
(http://cr.yp.to/streamciphers/rc4biases-20130708.pdf). From the
paper:
... While the RC4 algorithm is known to have a
variety of cryptographic weaknesses (see [26]
for an excellent survey), it has not been previously
explored how these weaknesses can be exploited
in the context of TLS. Here we show that new and
recently discovered biases in the RC4 keystream
do create serious vulnerabilities in TLS when using
RC4 as its encryption algorithm.
I don't believe there's a need for SSLv3 anymore either. TLSv1.0 is
pretty much ubiquitous, and its at nearly 100% for modern browser,
clients and servers.
https://en.wikipedia.org/wiki/Transport_Layer_Security#Applications_and_adoption.
You also migth want to include "!eNULL:!ADH:!ECADH:!MEDIUM:!LOW:!EXP'.
eNULL is great for performance, but it has a few problems for privacy.
More information about the nginx
mailing list