Victor Duchovni wrote:
On Thu, Dec 11, 2008 at 03:07:47PM -0600, Noel Jones wrote:
The DES-CBC3-SHA 168 bit cypher seems reasonably common (here,
nearly 10% of connections)
SSL with DES-CBC3-SHA is broken in pre-Vista version of Windows,
so if a Windows client is using the SSL support in Microsoft's
Crypto API, that could be an issue.
I miscounted earlier, my overly-simple grep included things
such as "EDH-RSA-DES-CBC3-SHA" in the total.
Occurrences of "cipher DES-CBC3-SHA" turn out to be pretty
rare here - less than 0.1% rather than the 10% I quoted
earlier. YMMV.
So maybe disabling DES-CBC3-SHA isn't a bad thing, at least
for testing.
--
Noel Jones
