Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Jakob Bohm
of my build? *From:*openssl-users [mailto:openssl-users-boun...@openssl.org] *On Behalf Of *Scott Neugroschl *Sent:* Thursday, May 11, 2017 11:13 AM *To:* openssl-users@openssl.org *Subject:* Re: [openssl-users] Dumb question about DES OK. Are the 3DES CBC ciphers still part of DEFAULT? *From

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Benjamin Kaduk via openssl-users
On 05/11/2017 03:17 PM, Scott Neugroschl wrote: > > So if I’m using 1.0.2, and want to deprecate 3DES, I need to do that > as part of my build? > > Yes. -Ben -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl
penssl-users] Dumb question about DES Those ciphers are triple-DES, not single-DES. (The "CBC3" gives it away ... well, not exactly.) The single-DES ciphers were removed in release 1.1.0 (they are included in the "40 and 56 bit cipher support removed from libssl" item in t

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Jeffrey Walton
On Thu, May 11, 2017 at 2:13 PM, Scott Neugroschl wrote: > OK. Are the 3DES CBC ciphers still part of DEFAULT? >From OpenSSL 1.0.1t: $ openssl ciphers "DEFAULT" ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Viktor Dukhovni
> On May 11, 2017, at 2:13 PM, Scott Neugroschl wrote: > > OK. Are the 3DES CBC ciphers still part of DEFAULT? Normal builds of OpenSSL 1.1.0 disable the TLS 3DES ciphersuites at compile time. To make use of 3DES in TLS you need to configure your OpenSSL 1.1.0 build with

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Benjamin Kaduk via openssl-users
ES CBC ciphers still part of DEFAULT? > > > > *From:*openssl-users [mailto:openssl-users-boun...@openssl.org] *On > Behalf Of *Benjamin Kaduk via openssl-users > *Sent:* Thursday, May 11, 2017 9:18 AM > *To:* openssl-users@openssl.org > *Subject:* Re: [openssl-users] Dumb ques

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl
OK. Are the 3DES CBC ciphers still part of DEFAULT? From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Benjamin Kaduk via openssl-users Sent: Thursday, May 11, 2017 9:18 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Dumb question about DES Those ciphers

Re: [openssl-users] Dumb question about DES

2017-05-11 Thread Benjamin Kaduk via openssl-users
Those ciphers are triple-DES, not single-DES. (The "CBC3" gives it away ... well, not exactly.) The single-DES ciphers were removed in release 1.1.0 (they are included in the "40 and 56 bit cipher support removed from libssl" item in the release notes), though the raw crypto primitives remain in

[openssl-users] Dumb question about DES

2017-05-11 Thread Scott Neugroschl
Has DES been deprecated in OpenSSL? If so, what release? In particular the following ciphers 0.19 EDH-DSS-DES-CBC3-SHA 0.22 EDH-RSA-DES-CBC3-SHA 192.13 ECDH-RSA-DES-CBC3-SHA 192.3 ECDH-ECDSA-DES-CBC3-SHA 192.18 ECDHE-RSA-DES-CBC3-SHA 192.8