I think this is the change that would facilitate the cipher_list discussed below:
--- a/src/openssl.c +++ b/src/openssl.c @@ -267,13 +267,42 @@ ssl_init (void) /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html * Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more) + * !kRSA removes RSA key exchange (i.e., key transport), but allows RSA digital signatures. + * With RSA key exchange removed, only key agreement schemes remain (i.e., PFS schemes). */ if (opt.secure_protocol == secure_protocol_pfs) - SSL_CTX_set_cipher_list (ssl_ctx, "HIGH:MEDIUM:!RC4:!SRP:!PSK:!RSA:!aNULL@STRENGTH"); + SSL_CTX_set_cipher_list (ssl_ctx, "HIGH:!aNULL:!kRSA:!RC4:!MD5:!SRP:!PSK"); + else + SSL_CTX_set_cipher_list (ssl_ctx, "HIGH:!aNULL:!RC4:!MD5:!SRP:!PSK");

Jeff

On Wed, Oct 18, 2017 at 6:57 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> Hi Everyone,
>
> I believe this has some room for improvement (from src/openssl.c):
>
>     "HIGH:MEDIUM:!RC4:!SRP:!PSK:!RSA:!aNULL@STRENGTH"
>
> I think it would be a good idea to provide a `--cipher_list` option to
> allow the user to specify it. It might also be prudent to allow the
> string to be specified in `.wgetrc`.
>
> Regarding the default string, it's 2017, and this is probably closer to
> what should be used by default:
>
>     "HIGH:!aNULL:!RC4:!MD5:!SRP:!PSK:!kRSA"
>
> The "!kRSA" means RSA cannot be used for key exchange (i.e., RSA key
> transport), but can be used for digital signatures. MD5 is probably
> another algorithm that should be sunsetted at this point in time
> (though I am not aware of an HMAC/MD5 attack that can be carried out in
> TCP's 2MSL re-transmit time frame).
>
> I use the same cipher_list on the servers under my control. I've never
> received a complaint from them. The cipher_list also helps get one of
> those A+ reports from the various SSL scanners.
>
> Jeff
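Review bot: in the ssl_init hunk of src/openssl.c, neither SSL_CTX_set_cipher_list call checks its return value, and the function returns 0 when the string selects no usable cipher, so a bad list would go unnoticed until the handshake; test the result in both branches and fail initialization with a clear error. The new else branch also applies "HIGH:!aNULL:!RC4:!MD5:!SRP:!PSK" to every value of opt.secure_protocol other than secure_protocol_pfs, where the removed line only set a list in the PFS case, and both new strings drop MEDIUM and the @STRENGTH sort; the added comment documents only !kRSA, so the comment or commit message should say these are intended. The visible lines still hardcode both strings and do not read a user-supplied cipher_list, although the hunk header announces 42 lines and only part of the hunk is shown here.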
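The effect of `!kRSA` described in the message above can be checked by expanding both strings from the patch. This is an added example, not part of the original post or of wget's code; it uses Python's `ssl` module (bound to whichever OpenSSL the interpreter links against) instead of the C API, and the function names `expand` and `compare` are made up here.

```python
import ssl

# Cipher strings copied from the patch above.
PFS_LIST = "HIGH:!aNULL:!kRSA:!RC4:!MD5:!SRP:!PSK"
DEFAULT_LIST = "HIGH:!aNULL:!RC4:!MD5:!SRP:!PSK"


def expand(cipher_list):
    """Return {suite name: (key exchange, authentication)} as OpenSSL expands the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Raises ssl.SSLError if the string selects no cipher at all.
    ctx.set_ciphers(cipher_list)
    # TLS 1.3 suites are not governed by this string; they report "kx-any".
    return {c["name"]: (c["kea"], c["auth"]) for c in ctx.get_ciphers()}


def compare(pfs_list=PFS_LIST, default_list=DEFAULT_LIST):
    """Show what !kRSA removes and which RSA-signature suites survive it."""
    pfs = expand(pfs_list)
    default = expand(default_list)
    return {
        "pfs": pfs,
        "default": default,
        # Suites present only without !kRSA: the RSA key-transport ones.
        "removed_by_kRSA": {n: v for n, v in default.items() if n not in pfs},
        # RSA still used for authentication, with an ephemeral key exchange.
        "rsa_signature_kept": sorted(
            n for n, (kea, auth) in pfs.items()
            if auth == "auth-rsa" and kea != "kx-rsa"
        ),
    }


if __name__ == "__main__":
    result = compare()
    print("OpenSSL build:", ssl.OPENSSL_VERSION)
    print("Removed by !kRSA:")
    for name in sorted(result["removed_by_kRSA"]):
        print("  ", name)
    print("RSA-authenticated suites still enabled:")
    for name in result["rsa_signature_kept"]:
        print("  ", name)
```

The exact suite names printed depend on the OpenSSL version and its configured security level.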