Hi,

> On 15 Apr 2016, at 12:38, Jim Fenton <fen...@bluepopcorn.net> wrote:
>
> Is there actually something in TLS 1.1 that can be exploited by these sorts
> of attackers? If not, I wouldn't include those directives.
I'm not sure if that answers your question w.r.t. downgrade attacks, but a quick comment on changes between the TLS versions:

TLS 1.2 introduces AEAD (authenticated encryption with associated data); these modes are currently the only ones considered secure by academia. For example, 1.1 doesn't support GCM, CCM, ... so you end up with CBC or RC4, both of which are at the very least broken in lab settings, and these attacks have been improved by quite a bit over the last couple of years, so that might be something to consider.

1.2 also removed MD5 and SHA1 as PRFs and made them configurable in cipher suites (e.g. SHA256).

Aaron
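As an added illustration of the point above (example code, not from the thread or any IETF document): a small audit that classifies OpenSSL-style cipher suite names by record-protection mode and the lowest TLS version that can carry them, then shows which suites of a server's list would survive if the handshake were capped at TLS 1.1. The server list is a constructed sample; `classify`, `suites_at_version` and `modes_at_version` are hypothetical helper names.

```python
import re
from dataclasses import dataclass

# AEAD suites (GCM, CCM, ChaCha20-Poly1305) were defined for TLS 1.2 and later;
# SHA256/SHA384 HMAC suites likewise only exist from TLS 1.2 (RFC 5246).
# Anything older is CBC with SHA1/MD5, or the RC4 stream cipher.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20-POLY1305")
VERSION_ORDER = {"TLS1.0": 0, "TLS1.1": 1, "TLS1.2": 2, "TLS1.3": 3}


@dataclass(frozen=True)
class SuiteInfo:
    name: str
    mode: str          # "AEAD", "CBC" or "STREAM"
    min_version: str   # lowest protocol version that can negotiate this suite


def classify(name: str) -> SuiteInfo:
    """Classify one OpenSSL-style suite name, e.g. 'ECDHE-RSA-AES128-GCM-SHA256'."""
    n = name.upper()
    if n.startswith("TLS_"):                      # TLS 1.3 suites are AEAD-only
        return SuiteInfo(name, "AEAD", "TLS1.3")
    if any(m in n for m in AEAD_MARKERS):
        return SuiteInfo(name, "AEAD", "TLS1.2")
    if "RC4" in n:
        return SuiteInfo(name, "STREAM", "TLS1.0")
    # Remaining suites are CBC + HMAC; a SHA-2 HMAC suffix pins them to TLS 1.2.
    min_version = "TLS1.2" if re.search(r"SHA(256|384)$", n) else "TLS1.0"
    return SuiteInfo(name, "CBC", min_version)


def suites_at_version(suites, version):
    """Suites that remain negotiable when the handshake is capped at `version`."""
    cap = VERSION_ORDER[version]
    return [s for s in map(classify, suites) if VERSION_ORDER[s.min_version] <= cap]


def modes_at_version(suites, version):
    """Sorted set of protection modes a peer could end up with at `version`."""
    return sorted({s.mode for s in suites_at_version(suites, version)})


# Constructed sample: a server list that looks fine at TLS 1.2 but degrades at 1.1.
SAMPLE_SERVER_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES128-SHA",
    "RC4-SHA",
]

if __name__ == "__main__":
    for v in ("TLS1.2", "TLS1.1"):
        print(v, [s.name for s in suites_at_version(SAMPLE_SERVER_SUITES, v)])
```

With the sample list, capping at TLS 1.1 leaves only `ECDHE-RSA-AES128-SHA` (CBC) and `RC4-SHA` (stream), which is exactly the "CBC or RC4" situation described above.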
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta