----- Original Message -----
> From: "Viktor Dukhovni" <[email protected]>
> To: [email protected]
> Sent: Friday, 28 March, 2014 8:25:50 PM
> Subject: Re: Insecure DEFAULT cipher set
> 
> On Fri, Mar 28, 2014 at 03:11:46PM -0400, Hubert Kario wrote:
> 
> > > I am much more concerned about servers than clients, but it is
> > > likely that TLS client apps on XP (perhaps Outlook Express, ...)
> > > also have similar problems.
> > 
> > From what I found through googling I see that the issue was actually
> > fixed quite a few years ago.
> 
> In theory only.  The fix was very thinly applied, and is no longer
> available for download.

I see it available:
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=948963&kbln=en-us
http://support.microsoft.com/kb/948963
 
> > I don't think we should put known weak ciphers in future version of
> > openssl's DEFAULT set to work with software configuration that is not
> > supported by the vendor right now and won't be supported at all in just
> > over a year.
> 
> You're still playing "my security level is bigger than yours".
> There is no benefit in excluding RC4-SHA1 from the default list.
> When servers support stronger algorithms, those will be negotiated.
> All you get by excluding RC4-SHA1 is loss of interoperability, which
> may be OK for dedicated environments, but is not a good DEFAULT.

The problem is that RC4 is providing security comparable to export-grade suites.
It is essentially broken.

Sure, it will prevent opportunistic eavesdropping, but it is not secure.

It is not a "my security level is bigger than yours", it is a difference
between known broken and weak. 3DES is weak, RC4 is broken.

As such, it should be a conscious decision by the admin to enable it.

-- 
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]