[BlueOnyx:17537] Re: CBC ciphers
Michael Stauber
mstauber at blueonyx.it
Thu May 7 13:44:23 -05 2015
Hi Matt,
> As always, an incredibly in-depth and educational response.
No problem.
> In any case, this recommendation was made in the “informational”
> category of fixes, so I think we have solid ground to put forward
> ignoring the recommendation.
Indeed. Just file why you're not implementing this and tag my message along.
FWIW: I understand where they (the "snake oilers") are coming from with
this suggestion:
POODLE attack: If CBC is active this *might* be an issue.
But as it is: That's just one side of the story and you can have CBC on
if you have buttoned down all the other hatches. Which we did. And
sadly: Given the state of what browsers and our OpenSSL support, we
don't have much of a choice as far as CBC is concerned. Microsoft kinda
forces it down our throats.
Damned if you do, damned if you don't.
--
With best regards
Michael Stauber