Staying on top of TLS attacks
The text discusses how John Graham-Cumming, a representative from Cloudflare, explains their use of Transport Layer Security (TLS) and ciphersuites to ensure secure communication between clients and servers. They mention that they have been reevaluating the use of TLS due to recent news about security problems with RC4 cipher used for some TLS connections. The text provides a detailed explanation of how TLS works, including the negotiation process between client and server on which ciphersuite will be used. It also discusses forward secrecy, which is offered by ECDHE-based ciphers, and the recent attack against RC4 that could allow an attacker to recover parts of the original HTTP message when RC4 is used. The text concludes with Cloudflare's plan to deprecate TLSv1.1 and switch to TLSv1.2 for their internal systems, using ECDHE-RSA-AES128-GCM-SHA256 as the current cipher of choice.
Company
Cloudflare
Date published
July 12, 2013
Author(s)
John Graham-Cumming
Word count
2222
Hacker News points
None found.
Language
English