Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
Remove support for weak cipher suite #1733
Comments
wbnns
added
the
Under Review
label
Aug 7, 2017
wbnns
self-assigned this
Aug 7, 2017
wbnns
added
Security
and removed
Under Review
labels
Sep 17, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
reddr commentedAug 7, 2017
Also SSL certificate/configuration for bitcoin.org is already quite good there is one thing that should be improved:
The TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher-suite is known to be weak for years.
It only provides an effective 112 bit security and opens the door for meet-in-the-middle attacks.
Bitcoin.org currently supports this suite for TLS 1.0, 1.1 and 1.2.
Proposed fix: This suite should be removed from the set of supported cipher-suites.