[gnutls-devel] gnutls 3.2.3 segfault in _gnutls_epoch_set_keys
Florian Weimer
fw at deneb.enyo.de
Sun Aug 4 11:17:48 CEST 2013
* Stefan Bühler:
> Afaik AES-CBC is ok to use with TLS1.1+ and better than RC4, but for
> TLS1.0 and before you really want RC4.
Not really. Only relatively few applications are vulnerable to
adaptive chosen-plaintext attacks (and these attacks are anything but
stealthy), but all suffer from RC4 weaknesses which enable passive
attacks.