4

Did some analysis on some servers that a partner of ours is hosting:

-TLS 1.0: Hmm this isn't great
-TLS_RSA_WITH_RC4_128_SHA preferred Cipher Suite for ALL TLS Versions.

I almost barfed at my desk.

Comments
  • 0
    I'm almost afraid to ask what the partner's product is.

    Sounds like something I might have worked on. (We had good reasons, I promise.)
  • 0
    Oh shit. Someone is fucked.
  • 0
    @elcore Hardware crypto on an IoT device that can't be changed and only does RC4, but needed maintenance support for 5 years on the market.

    The replacement device wasn't much better (no SHA2!) but it did AES-256.
  • 0
    @elcore believe me, I'd have changed a lot of things if I could, but the hardware was set and there was no changing it, and there was no way to implement anything better until we did a completely new version of the device, which was powerful enough to run Linux and a recent version of openssl.

    Don't think we didn't complain. 😀
Add Comment