[ asymmetric hello ]
On Thu, Oct 30, 2014 at 04:19:34PM +0100, konrad rzentarzewski wrote:
> i already did: stunnel.
And does it have any real use in the end ? In haproxy we have also done
totally pointless things that nobody has ever found a use for as well,
and we better try to forget them instead of promoting them (hint: try
to declare a "ruleset" section).
> i don't really know wheter it's big advantage to have it configurable at
> this time, probably not, as current hardcoded ssloptions value is safe.
>
> i know that we needed to add some opts in july to stunnel, as they were
> not default for openssl at that time to prevent BEAST and friends.
>
> besides, it's exactly the same with the ciphers - you don't need to
> include them all in documentation (it's perfectly sufficient to refer to
> openssl documentation) and i believe it's being used by most users, as
> defaults are not most secure...
I totally disagree, it would even be the opposite. Let's suppose for a
minute that we provide an option which lets you force every single bit
of ssloptions. For example you have the following in the global section :
global
ssl.force-options 0x1234 # workaround the ZORGLUB attack
What will happen then ? You'll find this config posted on every blog and
people will start to copy-paste it into their configuration without
realizing that it is only relevant to a certain exact version of openssl,
not knowing that their version of the library does not necessarily implement
the extra flags and silently ignores them. In the end you get some users
who *believe* they're safe while they're absolutely not. At least having
to upgrade one component (haproxy/openssl/whatever) is a good way to know
if you're safe or vulnerable.
So I'd rather suggest that we *do not* implement something which makes users
feel safe when they are not.
Willy
