On 09/09/2014 19:20, Salz, Rich wrote:
In addition to removing the very-weak (less than 70 bits security) ciphers
from the default list, this would be a good opportunity to reorder the default
I'd prefer to wait until TLS 1.3 is implemented, which has some definite (and
rather strong :) feelings on the subject. Doing things like putting PFS first
would greatly increase the computation load on servers and doesn't seem like
the right thing to do as a quiet change. (But yes, moving RC4 down to LOW does
seem to me like the right thing to do. :)
You conveniently snipped the part of my post which explained why RC4 is
currently the *strongest* available cipher when talking to some clients,
being (in those situations) effectively stronger than AES-256 CBC, despite
its known weaknesses.
To protect from the known RC4 repeated-plaintext vulnerability, one might
consider adding rate limiting to some SSL/TLS protocol steps whenever RC4 is
actually used.
The TLS WG looked at adding arbitrary padding as a record type. I hope it
comes back. Maybe the fact that the next TLS WG interim meeting will be at
INRIA, home of the triple-handshake attack and the padding proposal, will have
some effect :)
That arbitrary padding (or any other future TLS feature) will do nothing
to mitigate the problem that interoperating with some widely deployed real
world clients leaves the choice between CBC with no mitigation and RC4 with
limited key lifespan (e.g. max 2**?? bytes encrypted with any given key).
You really should look at the extensive research done by SSL Labs before
blindly deprecating stuff.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org