Replace RC4 ciphers with 3DES

<hidden> anonymous
Created: 4 years and 1 month ago • Updated: 4 years and 1 month ago
Mozilla has considered using 3DES ciphers as fallback instead of RC4 (See https://bugzilla.mozilla.org/show_bug.cg...).
DuckDuckGo still uses RC4 as fallback, so we should consider replace it with 3DES, too.

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


caine
These changes are now live on DuckDuckGo.com[1] and are rolling out to the Community Platform shortly.

I thought a lot about this when we hardened our cipher suite preferences a while ago. I determined it was not worth the performance hit considering the tremendous requirements to practically attack RC4[2]. At this point I think IE 6/8 on Windows XP accounts for such a small amount of traffic that I can't see any reason not to try it out. It's impossible for us to understand for sure how much traffic comes from those clients because we don't track it; but I am very comfortable estimating it at a very low percentage :).

Thanks for bringing this back up! Let's see where it goes.

Ref:
1. https://www.ssllabs.com/ssltest/analyze....
2. https://community.qualys.com/blogs/secur...
posted by caine Staff4 years and 1 month ago Link
Jlg
Correct me if I'm wrong but isn't SHA1 the best standard in this regard to use at the moment?

But looking at what said I may be really off the mark as I'm not 100% clued up as to what this thread is discussing, my bad!

posted by Jlg Community Leader4 years and 1 month ago Link
caine
We're talking about the bulk cipher, not message authentication.
posted by caine Staff4 years and 1 month ago Link
Jlg
Apologies for my mistake, by the way caine do you have a xmpp address I can contact you on please?

I just want to speak to you about I2P & setting up DDG on there.

Thanks! :-)
posted by Jlg Community Leader4 years and 1 month ago Link
caine
I'm rarely on XMPP or IRC. You can reach me at caine@duckduckgo.com.
posted by caine Staff4 years and 1 month ago Link