-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Mon, May 05, 2014 at 11:50:48AM +0200, Nikos Mavrogiannopoulos wrote: > On Fri, 2014-04-25 at 10:34 -0400, Hubert Kario wrote: > > SSL/TLS survey of 305280 websites from Alexa's top 0.97 million > > Stats only from connections that did provide valid certificates > > (or anonymous DH from servers that do also have valid certificate installed) > > > RC4 Only 5418 1.7748 > > That's pretty interesting. The question is now how important is that RC4 > only segment. Is that percentage significant enough to revise having RC4 > in the "default" crypto profile set? Revise how? RC4 should be dropped down to EXPORT status, IMO, but somehow lives on. I believe Hubert is having this conversation with OpenSSL devels now... - --Eric - -------------------------------------------------- Eric "Sparks" Christensen Red Hat, Inc - Product Security Team sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJTZ5/4AAoJEB/kgVGp2CYv3AcL/RGImDV+aJOKQNLs3QX5hUee FcB9WQHdPQYY8Juzrzj6XqBdj9N8RlBSPpj0oMO9oMEF4yL/QTEztbG6Wr6BaZxO T0ds+/pcqEJEsbNJhwwMnM1o94HRmonJlSko62p8hVolfmelYupFiRbdUykCYt+Z sT9UyMFOi1HusvfMrM1fdNGB7rhaNCSCr1kbeweN2NiNPVhpq6qucIHeNTFjijN+ 5PmTTvHM8gK4n8+xupYdyTB6gvo4z+N5y/N+g1lOIKj1Blako2fl2KxQDaYt7+cS xL7RZhWQPXGqgYDHMb1VI8g7bL1B2NWRP8cZUQSanEONT5SmROUhBxONsOp6iWMT 7F/qFnxL+NGaSavxbwDYmnCs0v1UhBEsiL9nuXoYwcXy6z98SX76GDkm2o/2Rx9X X6mDbRzhWnlHD6kE6RBByi228cNj2HK216G3pqPtBzhY2ssrz38gFVgk4XtCovA7 conMn3L4BhnfBVJsJJdD4/+ix5ikOQir8n2EIqw8qQ== =+AIX -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
