Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Hanno Böck <> Thu, 02 October 2014 08:26 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6091E1A0173 for <>; Thu, 2 Oct 2014 01:26:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.301
X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dLDeHmU2L-pH for <>; Thu, 2 Oct 2014 01:26:04 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0DF701A0151 for <>; Thu, 2 Oct 2014 01:26:03 -0700 (PDT)
Received: from localhost ([::ffff:]) (AUTH: LOGIN, TLS: TLSv1/SSLv3, 128bits, ECDHE-RSA-AES128-GCM-SHA256) by with ESMTPSA; Thu, 02 Oct 2014 10:26:02 +0200 id 0000000000000024.00000000542D0C1A.000009F5
Date: Thu, 2 Oct 2014 10:26:02 +0200
From: Hanno =?ISO-8859-1?B?QvZjaw==?= <>
Message-ID: <>
In-Reply-To: <>
References: <>
X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.24; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary=""
Subject: Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Oct 2014 08:26:06 -0000

Am Wed, 01 Oct 2014 16:12:54 -0700

>    This document requires that Transport Layer Security (TLS) clients
>    and servers never negotiate the use of RC4 cipher suites when they
>    establish connections.  This applies to all TLS versions, and
> updates [RFC5246], [RFC4346], and [RFC2246].

I really don't want to hold anything here and would welcome if this
gets finally out, however there's one thing that bothers me:
There is currently no such RFC for RC2 or DES. Both are - considering
current RFCs - perfectly valid ciphers according to RFC 2246.

It doesn't really make sense to forbid RC4 (likely weak, but no
public practical attacks yet) while still allowing RC2(40 bit)/DES
(practically broken).

Should we change this to "forbid RC2, DES and RC4" ?

(there's of course also the potential discussion if further ciphers
should be deprecated that are likely weak but not broken - things like
DSS - but I'd keep that discussion separate for now)

Hanno Böck