20 Feb
2015
20 Feb
'15
8:10 p.m.
On Fri, Feb 20, 2015 at 06:47:09PM +0000, Viktor Dukhovni wrote:
a broken 3DES implementation. They prefer RC4. If you drop RC4, you lose interoperability with these systems.
well, you might end up sending the message in the clear. Whether that's better or worse than RC4 depends on the perception of both the sender and the receiver. However, if they desparately care, they might encrypt end2end.
I would wait to disable RC4 for another 2-3 years. With
The RFC first and foremost gives _implementations_ (libs and apps) a hook to cease supporting RC4, so depending on sw vendors and maintainers (and your sw update cycle), you might not have these 2-3 years.
-Peter