DescriptionIsSecureTLSCipherSuite should not classify DHE_RSA as secure.
This makes the requirements for 'modern' ECDHE + AEAD, rather than PFS + AEAD.
Given that we'd been hoping to ditch DHE for a while, we should at least get it
out of the modern bucket.
The HTTP/2 requirements stay the same since those are snapshotted into the spec
already. Though early data says that no one uses HTTP/2 with DHE_RSA, which is
good for removal prospects.
BUG=538690
Committed: https://crrev.com/2937efc4b3cd071db278cbbe3c47c67d8567ec74
Cr-Commit-Position: refs/heads/master@{#356000}
Patch Set 1 #
Total comments: 1
Messages
Total messages: 17 (5 generated)
|