As it stands, SSL is in a bad way. First BEAST, then CRIME, and then weaknesses highlighted in the RC4 cipher, which was proposed as a workaround to the previous attacks, have left SSL version 3 and TLS version 1 in a bind. At present, the most practical recommendation is to use RC4 as the only cipher on SSL3 and TLS1 connections. This is far from ideal, given that RC4 is a weak cipher and is vulnerable to a bias attack.
In fact, this recommendation has drawn some criticism from within the Labs Team itself. Some feel that, given that BEAST is mitigated in most web browsers, it is better to eliminate RC4 altogether and rely on the browsers’ protections to prevent BEAST. However, the counterclaim notes that the Internet is larger than just the web, and that BEAST is easier to exploit than the bias attack. Of course, neither of these solutions is viable in the long term.
Slowly, things are changing. This week, the latest version of the last of the major browsers gained default support for TLS v1.2 (see here). These aren’t the current release versions, but it does mean that support for the majority of users is on the horizon. With this in mind, the Team will start the countdown clock on its current SSL recommendations.
After 01/04/2014 (no joke), the Team’s SSL recommendations will no longer juggle flaky ciphers and suggest iffy workarounds, but will instead recommend TLS versions 1.2 and 1.1, and with them the glut of new ciphers they offer. Hopefully these new recommendations (and their implementation by our customers) will result in fewer issues identified on tests, as well as settling yet another internal debate!
To see our current SSL Recommendations, as well as more information about SSL security in general, please see our SSL Good Practice Guide.