On Tue, 2014-05-06 at 07:42 -0400, Hubert Kario wrote:
Sorry, but how does that force a plaintext session?
You try to connect to an https site. It doesn't work and an error
message is issued that no common ciphers were found. The only thing that
you can try as user is fall back to http.
There's no plaintext fallback for HTTP.
I agree there is no automatic fallback, but there will be manual
fallback by the users.
And applications which use opportunistic encryption shouldn't use
cipher order anyway (as default won't ever have anonymous DH).
You don't need anonymous DH for opportunistic encryption, and most
likely you don't want it either. With anonymous DH (and current
implementations) you cannot achieve key continuity, which is the
ingredient that makes opportunistic encryption worthwhile.