Akamai seems to be serving HTTPS content via AES-128-CBC (TLS 1.1)... is it worth trying to reconfigure for RC4 at this point?
@matthew_d_green I was more worried about Lucky13 actually, especially since we're talking about CDN edge servers
-
-
@bascule@matthew_d_green Can you rearrange the site so the CDN servers don't even see the secure cookies? haha very funny I know -
@marshray@matthew_d_green might've been an interesting thing to consider before the site was already built ;)
End of conversation
New conversation -
-
-
@bascule@matthew_d_green I wouldn't rule out the possibility of someone figuring out how to do BEAST with pure XSRF at some point.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@bascule Yeah... The obvious fix is to upgrade everything to the latest OpenSSL. But I'm assuming that's not an option.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.