"NIST encourages a rapid adoption of the SHA-2 hash functions for digital signatures, and, in any event, Federal agencies must stop relying on digital signatures that are generated using SHA-1 by the end of 2010."
It is nice and all that Microsoft is pushing TLS 1.2 and AES-GCM, but they still don't have support in schannel (used by IIS and IE??) for ECDHE_RSA_AES_GCM cipher suites.
But it might be really helpful if you were to explain a specific customer scenario where the security would be meaningfully increased by adding support for this particular cipher suite. I might be able to come up with something, but it would mean more coming from a customer.
Chrome 30 and Opera 17 support TLS 1.1 and 1.2 enabled by default. Firefox 25 and 24
ESR, and Internet Explorer 6-10 have support for TLS 1.1 and 1.2 but disabled by default
(Firefox 28 Nightly and IE 11 supports TLS 1.1 and 1.2 enabled by default).
Safari 6 for Mac OS X 10.8 and 10.7, and Safari 5 for Windows and support only
TLS 1.0 (Safari for iOS, and Safari 7 for Mac OS X 10.9 support TLS 1.1 and 1.2
enabled by default).
Microsoft officials went on to recommend that customers
stop using SHA1 now and begin using certificates based on
SHA2, which is much more resistant to collision attacks.
If SHA1 is broken at the algorithm level, one must _not_ use SHA2, which is the just a bigger SHA1.
15 comments
[ 5.4 ms ] story [ 82.0 ms ] thread"NIST encourages a rapid adoption of the SHA-2 hash functions for digital signatures, and, in any event, Federal agencies must stop relying on digital signatures that are generated using SHA-1 by the end of 2010."
But it might be really helpful if you were to explain a specific customer scenario where the security would be meaningfully increased by adding support for this particular cipher suite. I might be able to come up with something, but it would mean more coming from a customer.
Quote from here: http://en.wikipedia.org/wiki/Transport_Layer_Security#Dealin...