
In fact, using AES256-CBC-SHA will cause Chrome to mark the https with a red strikeout (in the location bar)... because it's 'outdated' cryptography. See: https://certsimple.com/blog/chrome-outdated-cryptography


You should lose the scare quotes, as SHA1 is approximately as secure relative to hash functions as RSA-1024 is to public key algorithms: that is, not very.


Fair... but it's actually the CBC suite that generates the warning.


All the CBC suites in TLS are vulnerable to Lucky 13.


Exactly. So why not call it insecure? Instead it's just "outdated". Hence the quotes.



