Its simple:  fallback = a MITM attacker can force fallback = youre pwned...


On 20 Feb 2015, at 19:42, Stefan Neufeind <dane-users@stefan-neufeind.de> wrote:

On 02/20/2015 07:26 PM, Patrick Ben Koetter wrote:
A little off topic for DANE users, but somehow in scope. You might consider
disabling RC4 in your servers cipher suite. IETF released an RFC requiring

  (...) that Transport Layer Security (TLS) clients and servers never
  negotiate the use of RC4 cipher suites when they establish connections.
  This applies to all TLS versions.  This document updates RFCs 5246, 4346,
  and 2246.
  -- Prohibiting RC4 Cipher Suites, https://tools.ietf.org/rfc/rfc7465.txt

How about support (as a fallback) for older clients? How "safe" (no pun
intended) is it to disable as of today?


Kind regards,
Stefan




Andreas Fink

CEO DataCell ehf
CEO Backbone ehf

---------------------------------------------------------------
Tel: +41-61-6666330 Fax: +41-61-6666331  Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail:  andreas@fink.org
www.datacell.com, www.backbone.is, www.finkconsulting.com www.fink.org
---------------------------------------------------------------
Jabber/XMPP: andreas@fink.org
ICQ: 8239353 Skype: andreasfink 

Support the reboot of the internet into secure mode:  http://bootstrap.is