Tom Smyth wrote on 01/08/16 16:40:
Pardon my ignorance what is the major risk of leaving tls 1.0 enabled...
I think leaving an encryption method enabled once highergrade
encryptionmethods are chosen if both parties support is a more sensible
To be honest, I have no idea because I am not a cryptographer. So take
this with a grain of salt, but I think the weaknesses that afflicted
SSL3 are creeping into TLS1. Man-in-the-middle, side-channel, and
downgrade attacks are the worries with these older protocols. Even AES
has recently shown some weaknesses to side-channel analysis when done in
software (no hardware AES-NI). It seems time is cryptos worst enemy.
Sure, strong encryption methods can be used over these older protocols,
but if the negotiation defined by the protocol is flawed, then it's game
over. If the keys to the kingdom are leaked, it doesn't matter how
strong your key is.
Here is the fluffy announcement from the PCI security council with an
excerpt:
"SSL and early TLS are not considered strong cryptography and
cannot be used as a security control after 30th June, 2016."
https://www.pcisecuritystandards.org/documents/Migrating_from_SSL_Early_TLS_Information%20Supplement_v1.pdf
All I know is that I don't want to be blacklisted by VISA and MasterCard
because I'm failing PCI compliance. I want to continue accepting credit
cards, but I also want to keep using stock OpenSMTPD on OpenBSD.
I'm just asking: is offering TLS1 the "best encryption by default?"
Gilles proposed that rationale instead of a "knob" back in 2014. Should
we be thinking about this again?
As a side note, regarding PCI-DSS compliance: the same level of security
is required for other public facing protocols as well, such as HTTPS and
IMAPS, not just SMTP. My nginx and dovecot installations have knobs that
that solve this problem. However, I'm not turning those knobs until the
last minute on June 30 because I want to ensure maximum compatibility
with my customer base. For instance, old Android clients still use TLS
1.0 and I still get some of those customers once in awhile.
With that said, I do respect Gilles decision for not implementing knobs.
What do you guys think? What are some solutions?
I appreciate your feedback,
Clint
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
