On Mon, May 05, 2014 at 05:11:04PM +0200, Nikos Mavrogiannopoulos wrote:
> That is, no HTTPS connection at all for 17215 servers; only plaintext.

No, if your website is protected by SSL there should be no option for plaintext. None.

> 2. Users relaxing the overall security level from DEFAULT -> LEGACY

That's what we're already doing by allowing RC4 in DEFAULT settings. It's a bad cipher. Luckily we can rearrange ciphers to use better ones before RC4. The problem is servers who don't use HIGH or DEFAULT settings but rather cherry pick ciphers outside of their understanding and end up with bad choices.

> 3. Users switching to some other distribution that things just work.

This is being done upstream of Fedora. Again, this is really a problem for server-side installations and less with client side installations.

> We need to know what removing RC4 from the default list entails. Knowing
> which these 17215 servers are, and their ranking in that list would
> certainly help decide.

It would be very interesting to see what servers are only supporting RC4 and ask them why they don't wish to use DEFAULT.

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security Team
sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security