Page MenuHome GnuPG
Create Task
Maniphest T6029

ntbtls: Require TLS 1.2 or later + AEAD by default
Closed, ResolvedPublic
Actions

Description

Versions of TLS lower than 1.2, or which do not use an AEAD ciphersuite, are broken by Lucky13 unless very complex countermeasures are in place. They also have poor performance. These ciphersuites should be disabled by default

Event Timeline

DemiMarie created this task.Jun 13 2022, 11:21 PM
DemiMarie created this object in space S1 Public.
werner added a subscriber: werner.Jun 14 2022, 8:04 AM

ntbtls support only 1.2. We can't disable cipher suites for interop reasons. It is not the client's job trying to force a server 's admin to offer only decent ciphersuites.

werner triaged this task as Normal priority.Jun 16 2022, 6:37 PM
werner closed this task as Resolved.Oct 28 2022, 3:59 PM
werner claimed this task.
werner added a project: Not A Bug.

I can't see what we shall do here.