RC4 Safe vs RC4 Broken in TLS

Question asked by s holloway on Jun 10, 2014
Latest reply on Jun 15, 2014 by s holloway

Hello Everyone,


Hope this is in the right area.


I am trying to learn the ropes regarding SSL tuning and security.

So far so good - I have disabled SSL2, started to enforce more secure protocols and have started some further testing.


I am now a little confused with regard to RC4.


There is this post : from 2009 and that suggests RC4 is still OK

and this post : from 2013 that suggests not to use RC4 if you are using TLS ( which I am moving towards )


I have signed up for the OpenSSL Cookbook ( Thanks Ivan !! ) but haven't started reading yet.


Onto the point of all this.


Currently my server only supports TLS 1.0 ( an upgrade is planned )

I realise that Cipher suite use is a trade-off with performance and the clients that you need to support, but I am having a hard time finding a concise list of preferred Cipher suites to use.


Does anyone have a good list of Cipher vs Supported clients vs Performance?

Any particular chapter in the Cookbook I should check for details??


As I have only a small client base and performance is not much of an issue at this stage, I am enforcing the strongest Ciphers I can; however, it would be good to have more details for future reference.


Happy to do (much) more reading but as there appears to be so much (mis)information out there - I was hoping someone could point me in the right direction.