On 09/09/2014 19:20, Salz, Rich wrote:
>> In addition to removing the very-weak (less than 70 bits security) ciphers
>> from the default list, this would be a good opportunity to reorder the default
>
> I'd prefer to wait until TLS 1.3 is implemented, which has some definite (and
> rather strong :) feelings on the subject.  Doing things like putting PFS first
> would greatly increase the computation load on servers and doesn't seem like
> the right thing to do as a quiet change.  (But yes, moving RC4 down to LOW does
> seem to me like the right thing to do. :)

You conveniently snipped the part of my post which explained why RC4 is
currently the *strongest* available cipher when talking to some clients,
being (in those situations) effectively stronger than AES-256 CBC, despite
its known weaknesses.

>> To protect from the known RC4 repeated-plaintext vulnerability, one might
>> consider adding rate limiting to some SSL/TLS protocol steps whenever RC4 is
>> actually used.
>
> The TLS WG looked at adding arbitrary padding as a record type.  I hope it
> comes back.  Maybe the fact that the next TLS WG interim meeting will be at
> INRIA, home of the triple-handshake attack and the padding proposal, will have
> some effect :)

That arbitrary padding (or any other future TLS feature) will do nothing
to mitigate the problem that interoperating with some widely deployed real
world clients leaves the choice between CBC with no mitigation and RC4 with
limited key lifespan (e.g. max 2**?? bytes encrypted with any given key).

You really should look at the extensive research done by SSL Labs before
blindly deprecating stuff.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org