[gnutls-devel] gnutls 3.2.3 segfault in _gnutls_epoch_set_keys

Florian Weimer fw at deneb.enyo.de
Sun Aug 4 11:17:48 CEST 2013

* Stefan Bühler:

> Afaik AES-CBC is ok to use with TLS1.1+ and better than RC4, but for
> TLS1.0 and before you really want RC4.

Not really.  Only relatively few applications are vulnerable to
adaptive chosen-plaintext attacks (and these attacks are anything but
stealthy), but all suffer from RC4 weaknesses which enable passive

More information about the Gnutls-devel mailing list