Re: [MIX] Initial feedback on Mixed Content

> Browsers certainly block certain kinds of TLS. SSL 3.0, for instance.
I think nearly all the browser support SSL 3.0. At least that's what
we are being told for draft-ietf-tls-downgrade-scsv. (How quickly
Heartbleed and complexity have been forgotten).

As I understand it, TLS 1.0 suffers a similar padding attack as SSL
3.0 (the method of generating the IV changed between the two). I hope
the browsers are ready to pivot quickly once the TLS PoC is unleashed.

> And terrible cipher suites that we all know are bad.
Similar could be said for continued use of RC4.

Received on Friday, 28 November 2014 07:24:02 UTC