Posts by gc1

How many modern server programs even support export ciphers any more ?

In Apache, for example, there is no difference between configuring with SSLCipherSuite ALL and SSLCipherSuite ALL:!EXPORT, i.e. the EXPORT list appears to be empty, probably just there for historic reasons and not doing anything.

I think Stephen Fry missed a trick going for .uk, surely stephenfry.vip would have been more appropriate. Other alternatives could be:

stephenfry.actor

stephenfry.chat

stephenfry.wow

stephenfry.wtf

It's easy to give a client VM access to a whole physical disk or disk partition. So you can have the best of both worlds - able to run Windows as a VM client and able to boot native Windows when you need the facilities that requires.

Looking at various UK Internet banking sites most seem to return cipher suites in preferred order with TLS_RSA_WITH_RC4_128_SHA listed first, so that is used even where both the client and server support something stronger. If any banking admins are reading this maybe it is time to change the cipher suite preference order or set no preference order.

I've just checked which ciphers various banks and building societies use for their Internet banking services when I connect to them. All but a few used TLS 1.0 and RC4_128. I found a couple each using AES_256_CBC and AES_128_CBC. Presumably the reason for this is their wanting to maintain compatibility with older browsers. Maybe this news will encourage more of them to use later ciphers where the client supports it.