On Wed, 2014-06-04 at 16:15 +0200, Till Maas wrote: > > MACs: SHA1+ > ^^^^^ > > Curves: All supported > > Signature algorithms: must use SHA-256 hash or better > > Ciphers: AES-GCM, AES-CBC, CAMELLIA-GCM, CAMELLIA-CBC > > Key exchange: ECDHE, RSA, DHE > > DH params size: 2048+ > > RSA params size: 2048+ > > SSL Protocols: TLS1.1+ > > Why is SHA1+ allowed as MAC here? And why not? Could we please have a constructive conversation? Why do you think it shouldn't be there? Do you have any results on cryptanalysis of HMAC-SHA1 that do not make it suitable for this level? regards, Nikos -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
