/plushcap/analysis/cloudflare/staying-on-top-of-tls-attacks

Staying on top of TLS attacks

What's this blog post about?

The text discusses how John Graham-Cumming, a representative from Cloudflare, explains their use of Transport Layer Security (TLS) and ciphersuites to ensure secure communication between clients and servers. They mention that they have been reevaluating the use of TLS due to recent news about security problems with RC4 cipher used for some TLS connections. The text provides a detailed explanation of how TLS works, including the negotiation process between client and server on which ciphersuite will be used. It also discusses forward secrecy, which is offered by ECDHE-based ciphers, and the recent attack against RC4 that could allow an attacker to recover parts of the original HTTP message when RC4 is used. The text concludes with Cloudflare's plan to deprecate TLSv1.1 and switch to TLSv1.2 for their internal systems, using ECDHE-RSA-AES128-GCM-SHA256 as the current cipher of choice.

Company
Cloudflare

Date published
July 12, 2013

Author(s)
John Graham-Cumming

Word count
2222

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.