[webkit-dev] Request for position: Removing 3DES from TLS

David Benjamin davidben at chromium.org
Wed Apr 28 06:46:28 PDT 2021


Hello WebKit friends,

We're looking at dropping 3DES cipher suites from TLS. For us, this is
just TLS_RSA_WITH_3DES_EDE_CBC_SHA.
Looks like Safari additionally supports TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
and TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, which would also fall under that
category.

After TLS 1.0 and 1.1 were removed, our metrics report a whole 0.00% of TLS
connections using TLS_RSA_WITH_3DES_EDE_CBC_SHA. (And, of course, no sites
use the other two in Chrome, since we don't support them in the first
place.)

For additionally background and motivation, see the blink-dev posting here.
https://groups.google.com/a/chromium.org/g/blink-dev/c/RShdgyaDoX4/m/JikQYHPuBQAJ

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20210428/3ee25a7c/attachment.htm>


More information about the webkit-dev mailing list