Bug#654764: Mitigate B.E.A.S.T attack
On Thursday 05 January 2012, Mathieu Parent wrote:
> The BEAST vulnerability [1] "can be prevented by removing all CBC
> ciphers from your list of allowed ciphers—leaving only the RC4
> cipher".

I don't think we want to do that. The normal RC4 algorithms (i.e. not
ECDHE-*-RC4*) don't provide perfect forward secrecy. So you would
improve the security in one regard (mitigate BEAST vulnerability even
if the client does not implement a work-around) but worsen it in
another regard.

AFAIK, NSS, which is used by Chrome and Firefox, has had a BEAST
workaround for some time now. So, the suggested change would worsen
the security for a significant part of the user base.
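
The trade-off discussed in this message, as an added example that is not part of the original e-mail or of any Debian package: it applies the proposed "drop all CBC suites" filter to a constructed list of TLS 1.0-era OpenSSL suite names and reports which remaining suites lack forward secrecy. The suite list and the function names are assumptions made for illustration.

```python
# Added example: classify OpenSSL cipher-suite names by bulk-cipher mode and
# forward secrecy, then apply the "remove all CBC ciphers" mitigation.

# Constructed sample of TLS 1.0-era OpenSSL suite names (not a real server config).
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-SHA",
    "DHE-RSA-AES128-SHA",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "ECDHE-RSA-RC4-SHA",
    "RC4-SHA",
    "RC4-MD5",
]

# Key-exchange prefixes that use ephemeral Diffie-Hellman.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def classify(suite):
    """Return (bulk_mode, forward_secret) for one OpenSSL suite name."""
    # Assumption: for these pre-TLS 1.2 suites, anything that is not RC4
    # is a block cipher in CBC mode (AES, 3DES, ...).
    bulk_mode = "RC4" if "RC4" in suite.split("-") else "CBC"
    forward_secret = suite.startswith(EPHEMERAL_PREFIXES)
    return bulk_mode, forward_secret


def drop_cbc(suites):
    """Apply the proposed mitigation: keep only non-CBC (RC4) suites."""
    return [s for s in suites if classify(s)[0] != "CBC"]


def without_forward_secrecy(suites):
    """Suites whose key exchange is static (no ephemeral DH)."""
    return [s for s in suites if not classify(s)[1]]


if __name__ == "__main__":
    remaining = drop_cbc(SAMPLE_SUITES)
    print("After removing CBC suites:", remaining)
    print("Of those, no forward secrecy:", without_forward_secrecy(remaining))
    lost = [s for s in SAMPLE_SUITES if classify(s) == ("CBC", True)]
    print("Forward-secret suites removed by the change:", lost)
```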