|reply to MeDuZa |
Re: Google disables SSL compression in Chrome against new attack
said by MeDuZa:ECC needs to become the standard already. It is much more efficient than RSA (it uses much smaller keys, but they are equally secure at a smaller size). Instead of a 2048 bit RSA key, you can get equivalent strength from a 224 bit ECC key, which makes it much faster and efficient.
Not quite so Exactly.
- Opera(12) has HSTS support. evoxllx is wrong.
- Regarding ECDHE support:
Opera support Forward Secrecy in the form of the Ephemeral Diffie-Hellman (DHE) cipher suites, but not the Elliptic Curve DHE method Google selected to prioritize (At present Opera does not support Elliptic Curve crypto). Google seem to prioritize the ECDHE and RSA/ARC4 above the DHE methods (there is no DHE_RSA/ARC4 ciphersuite defined, which may explain that part; ARC4 is less costly than AES). AFAICT Google does not support the DHE_RSA methods on their server.
In the list of ciphersuites that Opera sends the server, the DHE_RSA ciphersuites are listed as more preferred than the corresponding RSA ciphersuite, so if the DHE method is not selected it is because the server either does not support the cipher suites (as is the case on google.com), or decided not to select it based on its own list of prioritized ciphersuites.
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999