{"id":4757,"date":"2015-02-19T22:08:12","date_gmt":"2015-02-19T21:08:12","guid":{"rendered":"http:\/\/security-planet.de\/?p=4757"},"modified":"2015-02-19T22:08:12","modified_gmt":"2015-02-19T21:08:12","slug":"rip-rc4","status":"publish","type":"post","link":"https:\/\/cyber-fi.net\/index.php\/2015\/02\/19\/rip-rc4\/","title":{"rendered":"RIP RC4"},"content":{"rendered":"<p><a href=\"http:\/\/www.rfc-editor.org\/rfc\/rfc7465.txt\" title=\"\" target=\"_blank\" rel=\"noopener noreferrer\">RFC 7465<\/a>&nbsp;prohibits the use of RC4 in TLS, a decision that was long overdue. I am really curious, though, how quickly this RFC will be implemented and RC4 will disappear from the Internet, especially considering that even companies like Google still use RC4 (and even SSLv3).<\/p>\n<p>For ASA admins, now (at the latest) is the time to adjust the SSL settings. They could look like this:<\/p>\n<pre class><code>ssl server-version tlsv1-only\nssl encryption dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1\n<\/code><\/pre>\n<p>And for all other crypto settings, the recommendations from&nbsp;<a href=\"https:\/\/bettercrypto.org\" title=\"\" target=\"_blank\" rel=\"noopener noreferrer\">bettercrypto.org<\/a>&nbsp;are of course still the ones to follow.<\/p>\n<p><\/p>\n<p>Next up, could <a href=\"http:\/\/www.heise.de\/security\/artikel\/Der-Todesstoss-fuer-PPTP-1701365.html\" target=\"_blank\" rel=\"noopener noreferrer\">PPTP<\/a> please die now!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>RFC 7465&nbsp;prohibits the use of RC4 in TLS, a decision that was long overdue. I am really curious, though, how quickly this RFC will be implemented and RC4 will disappear from the Internet, especially considering that even companies like Google still use RC4 (and even SSLv3). 
For ASA admins, now (at the latest) is the <\/p>\n<div class=\"read-more-text\"><a href=\"https:\/\/cyber-fi.net\/index.php\/2015\/02\/19\/rip-rc4\/\" class=\"read-more\">continue reading<\/a><\/div>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"twitterCardType":"","cardImageID":0,"cardImage":"","cardTitle":"","cardDesc":"","cardImageAlt":"","cardPlayer":"","cardPlayerWidth":0,"cardPlayerHeight":0,"cardPlayerStream":"","cardPlayerCodec":"","footnotes":""},"categories":[15],"tags":[482,498,508,610],"class_list":["post-4757","post","type-post","status-publish","format-standard","hentry","category-security","tag-pptp","tag-rc4","tag-rfc-7465","tag-tls"],"_links":{"self":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts\/4757","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/comments?post=4757"}],"version-history":[{"count":0,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/posts\/4757\/revisions"}],"wp:attachment":[{"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/media?parent=4757"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/categories?post=4757"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-fi.net\/index.php\/wp-json\/wp\/v2\/tags?post=4757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}