New How To Grade Java 6 Encryption Ciphers Doc Available
I posted Grade Encryption Ciphers in Java 6 on the How To site the other day and after posting it, I couldn't help but hope that something in it was incorrect. Let me know what you think but with the current state that SSL and TLS are in, things are pretty depressing. While writing it, I kept remembering a point Ivan Ristic had made over on the SSLLabs blog a few weeks ago in the post RC4 in TLS is broken: Now what?/p>
...for public web sites that need to support a wide user base, there is practically nothing 100% secure they can use to replace RC4. We now have no choice but to accept that, no matter what settings we use, some segment of the user base will be at risk.