On Mon, Jan 13, 2014 at 05:25:55PM +0100, Jeff Hodges via RT wrote: > We've been testing clients using OpenSSL against > https://howsmyssl.com/a/check and noticed that those using > the OpenSSL_add_all_algorithms() have insecure export cipher suites > included by default. These cipher suites are using keys less than the > currently recommended 128-bit keys. > > For instance, curl was burned by this: > http://sourceforge.net/p/curl/bugs/1323/ > > I'm not sure if this is a compliance issue, or not, but it would a huge > boon to the community to have only secure cipher suites included in client > preference lists.
I think the major problem with defaults it's that they are not suiteable for all applications. You might want to check out https://bettercrypto.org/ One major problem is that you don't always have control over the other side you're talking to. You might for instance want to look at this to see what the current state is: https://jve.linuxwall.info/blog/index.php?post/TLS_Survey There is also: https://www.trustworthyinternet.org/ssl-pulse/ I think we all want to have as goal that we want to have at least 128 bit over the whole chain. The question is what you use as default and when you drop some things. According to the manpage, "DEFAULT" currently stands for "ALL:!aNULL:!eNULL". Maybe that should get changed to "ALL:!aNULL:!eNULL:!LOW:!EXPORT", dropping anything that uses 64 bit or less. You'll end up with 3DES which hass 156 bits but really only provides 112 bit, and RC4 which you might also want to disable. Then there are still SEED and IDEA, which you also might want to disable. Basicly you only want AES and Camellia, but you'll need 3DES or RC4 to be able to talk to some people. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
