Hi Viktor,

Viktor Dukhovni wrote:
> You're also not using the correct primitive cipherlist attribute
> to select DH key exchange. It is called "kEDH" (recently aliased
> to kDHE, but that's not yet in most releases) not "DHE" or "EDH".
>
> With OpenSSL 1.0.0, there is also an "EDH", but it is not primitive,
> it is equivalent to "kEDH:!aNULL" (it excludes the anonymous cipher
> suites). In 0.9.8 there is no "EDH", only kEDH.
>
> Ditto for EECDH vs kEECDH.

Thanks for clearing that up. I will forward your e-mail to our mailing list.

>>>> In particular, given our cipherstring recommendation we encounter that
>>>> DHE and ECDHE based ciphersuites and their preference are neglected by
>>>> these OpenSSL versions [0] - we are currently discussing updating our
>>>> recommendation to an augmented version of this ciphersuite [1].
>
> One needs to RTFS a lot more closely to create a sensible cipherlist
> that works reasonably well with both 0.9.8 and 1.0.0. It is
> possible, but requires a bit more attention to detail.

Yeah, I've figured.

> A problem with explicit cipherlist recommendations is that they
> tend to get deployed in a cargo-cult manner long after they've been
> superseded. I'd rather see progressive backwards-compatible
> improvements in the DEFAULT and ALL cipherlists in OpenSSL coupled
> with mechanisms such as the new security levels under development
> on the master branch. I think these will serve users better than
> point-in-time cipherlist tweaks that no two people would make the
> same.

The thing is, when we started last autumn we needed to get something out to people right away. Of course the best thing for all is if upstream software vendors (or libraries such as OpenSSL) and distributions ship hardened defaults. Keeping track of upstream software and their changes is hard - but I think in general we did a good job with our recommendations. As upstream projects have and still are going to react to the current discussion about pervasive monitoring our project will slowly fade out. With us having to replace recommendations with "fixed/secure upstream" stanzas.

Aaron
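
The following is an added example, not part of the thread or of either project's code: a small shell filter for checking what a cipherlist such as "kEDH" or "kEDH:!aNULL" actually expands to, by counting ephemeral-DH and anonymous suites in `openssl ciphers -v` output and reporting where the first forward-secret suite ranks. The function names and the sample lines are constructed for illustration; the sample only follows the column format of `openssl ciphers -v` and is not captured output.

```shell
#!/bin/sh
# Added example. Reads `openssl ciphers -v` style lines on stdin and prints
#   pfs=<authenticated ephemeral DH/ECDH suites> anon=<Au=None suites>
#   first_pfs=<1-based rank of the first such suite, 0 if none>
audit_ciphers() {
    awk '
        NF >= 4 {
            rank++
            kx = ""; au = ""
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^Kx=/) kx = substr($i, 4)
                if ($i ~ /^Au=/) au = substr($i, 4)
            }
            # Ephemeral suites print Kx=DH or Kx=ECDH (export ones add a
            # size, e.g. DH(512)); static DH prints a suffix like DH/RSA.
            eph = (kx ~ /^(DH|ECDH)(\([0-9]+\))?$/)
            if (au == "None") anon++
            else if (eph) { pfs++; if (!first) first = rank }
        }
        END { printf "pfs=%d anon=%d first_pfs=%d\n", pfs, anon, first }
    '
}

# Constructed sample (assumption): a list that still contains an
# anonymous DH suite ahead of the authenticated ones.
sample_with_anon() {
    cat <<'EOF'
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EOF
}

# Same sample with the anonymous suites dropped, standing in for the
# effect of appending ":!aNULL" to the cipherlist.
sample_without_anon() {
    sample_with_anon | grep -v 'Au=None'
}

# Typical use against the locally installed library:
#   openssl ciphers -v 'kEDH:!aNULL' | audit_ciphers
```

A result with `anon` above 0 or `first_pfs` at 0 means the deployed string does not select what the recommendation intended on that OpenSSL version.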
