Yes and no.

The current Kerberos support is insecure and should not be used. The main
problem is that the session key is reused for all TLS connections. This
prevents perfect forward secrecy.

That being said, we have been toying around with the idea of making a new
standard for GSSAPI/TLS which uses a DH or a PAKE to ensure that both
sides contribute entropy to a random encryption key.

However, we have to get some of the other standards work off our plates
before we can tackle such a large task.

In short: existing Kerberos support should be removed from OpenSSL.


On Tue, 2015-05-05 at 14:44 +0200, Petr Spacek wrote:
> Hello!
> Is this somehow interesting for us?
> Petr^2 Spacek
> -------- Forwarded Message --------
> Subject: [openssl-users] Kerberos
> Date: Tue, 05 May 2015 09:21:28 +0100
> From: Matt Caswell <>
> Reply-To:
> To:,
> I am considering removing Kerberos support from OpenSSL 1.1.0. There 
> are
> a number of problems with the functionality as it stands, and it 
> seems
> to me to be a very rarely used feature. I'm interested in hearing any
> opinions on this (either for or against).
> Thanks in advance for your input,
> Matt
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: 

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA:

Reply via email to