You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Will Chan has suggested that Chrome wants to restrict the set of cipher suites that we consider to be acceptable for HTTP/2. A unilateral action on the part of Chrome might have the effect of forcing the issue for sites, but that would be problematic.
We already require (potentially) ephemeral key exchange with a certain minimum strength. But that's just the handshake. The changes here relate to the TLS record layer.
If we want to improve the situation on the record layer, we can start by considering the following list of options, all of which are on the threatened species list (they won't be part of TLS 1.3), in order of least to most desirable:
RC4 (we currently advise against this in a non-normative fashion)
3DES
AES CBC modes
The text was updated successfully, but these errors were encountered:
Will Chan has suggested that Chrome wants to restrict the set of cipher suites that we consider to be acceptable for HTTP/2. A unilateral action on the part of Chrome might have the effect of forcing the issue for sites, but that would be problematic.
We already require (potentially) ephemeral key exchange with a certain minimum strength. But that's just the handshake. The changes here relate to the TLS record layer.
If we want to improve the situation on the record layer, we can start by considering the following list of options, all of which are on the threatened species list (they won't be part of TLS 1.3), in order of least to most desirable:
The text was updated successfully, but these errors were encountered: