
Actually, everyone seems to have switched to the "fast" SSL ciphers instead - only Dropbox defaults to DHE:

    > openssl s_client -connect google.com:443 RC4-SHA
    > openssl s_client -connect dropbox.com:443 DHE-RSA-AES256-SHA

Again, this is usually done for speed, but all of the companies on the list are using "fast" SSL/TLS ciphers rather than more secure ones.



I'm not really an expert in this at all, but we were not discussing ciphers, but key exchange methods.

I open google.com in Chrome, click on the padlock icon, go to the second tab, and it says: Key exchange method: ECDHE_ECDSA

Some googling turns up that: "ECDHE-ECDSA provide perfect forward secrecy" http://nmav.gnutls.org/2011/12/price-to-pay-for-perfect-forw...


Yes, it appears Google has PFS for Chrome/Firefox: http://www.imperialviolet.org/2011/11/22/forwardsecret.html


Thanks for this. "Dropbox coming soon" indeed.
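Added example, not part of the thread or any poster's code: a small Python parser that splits the OpenSSL-style suite names quoted above (and Chrome's `ECDHE_ECDSA` label) into key exchange, authentication, cipher and MAC, and flags forward secrecy from the key exchange alone. The `Suite` and `parse_suite` names are hypothetical, and it assumes pre-TLS 1.3 naming, where a name with no key-exchange prefix means RSA key transport.

```python
from typing import NamedTuple

# Tokens as they appear in OpenSSL's pre-TLS 1.3 suite names.
EPHEMERAL_KX = {"DHE", "EDH", "ECDHE", "EECDH"}   # fresh DH key per handshake
STATIC_DH_KX = {"DH", "ECDH"}                     # fixed DH key in certificate
AUTH = {"RSA", "ECDSA", "DSS"}
AEAD_TOKENS = {"GCM", "CCM", "POLY1305"}


class Suite(NamedTuple):
    key_exchange: str
    authentication: str
    cipher: str
    mac: str
    forward_secret: bool


def parse_suite(name: str) -> Suite:
    """Split an OpenSSL-style suite name into its separate roles."""
    parts = name.upper().replace("_", "-").split("-")
    if parts[0] == "TLS":
        # TLS 1.3 names carry no key exchange; it is always ephemeral there.
        raise ValueError("TLS 1.3 suite names do not encode the key exchange")
    if parts[0] in EPHEMERAL_KX | STATIC_DH_KX:
        kx = parts.pop(0)
        auth = parts.pop(0) if parts and parts[0] in AUTH else "unknown"
    else:
        # No prefix: RSA key transport, the server key both encrypts the
        # premaster secret and authenticates the server.
        kx = auth = "RSA"
    if AEAD_TOKENS & set(parts):
        # In AEAD suites the trailing SHAxxx is the PRF hash, not a MAC.
        cipher_tokens = [p for p in parts if not p.startswith("SHA")]
        mac = "AEAD"
    else:
        cipher_tokens, mac = parts[:-1], (parts[-1] if parts else "")
    return Suite(kx, auth, "-".join(cipher_tokens), mac, kx in EPHEMERAL_KX)


def lacking_forward_secrecy(names):
    """Return the suite names whose key exchange is not ephemeral."""
    return [n for n in names if not parse_suite(n).forward_secret]


if __name__ == "__main__":
    # Names quoted in the thread above.
    for n in ("RC4-SHA", "DHE-RSA-AES256-SHA", "ECDHE_ECDSA"):
        print(n, parse_suite(n))
```
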



