Adding !LOW:!EXPORT to the DEFAULT setting does seem wise. What would be the rationale to keep IDEA cipher suites in there?
I'm not familiar enough with the SEED cipher suites problems. Is it just that they are slow or did I miss a doc on their security?

On Mon, Jan 13, 2014 at 10:34 AM, Kurt Roeckx via RT <[email protected]> wrote:

> On Mon, Jan 13, 2014 at 05:25:55PM +0100, Jeff Hodges via RT wrote:
> > We've been testing clients using OpenSSL against
> > https://howsmyssl.com/a/check and noticed that those using
> > the OpenSSL_add_all_algorithms() have insecure export cipher suites
> > included by default. These cipher suites are using keys less than the
> > currently recommended 128-bit keys.
> >
> > For instance, curl was burned by this:
> > http://sourceforge.net/p/curl/bugs/1323/
> >
> > I'm not sure if this is a compliance issue, or not, but it would be a huge
> > boon to the community to have only secure cipher suites included in client
> > preference lists.
>
> I think the major problem with defaults is that they are not
> suitable for all applications. You might want to check out
> https://bettercrypto.org/
>
> One major problem is that you don't always have control over the
> other side you're talking to. You might for instance want to look
> at this to see what the current state is:
> https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
>
> There is also:
> https://www.trustworthyinternet.org/ssl-pulse/
>
> I think we all want to have as goal that we want to have at least
> 128 bit over the whole chain. The question is what you use as
> default and when you drop some things.
>
> According to the manpage, "DEFAULT" currently stands for
> "ALL:!aNULL:!eNULL". Maybe that should get changed to
> "ALL:!aNULL:!eNULL:!LOW:!EXPORT", dropping anything that
> uses 64 bit or less. You'll end up with 3DES which has 156
> bits but really only provides 112 bit, and RC4 which you might
> also want to disable. Then there are still SEED and IDEA,
> which you also might want to disable.
>
> Basically you only want AES and Camellia, but you'll need
> 3DES or RC4 to be able to talk to some people.
>
>
> Kurt

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
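
The two cipher strings quoted in this thread can be audited against a local OpenSSL build with Python's `ssl` module. The sketch below is an added example, not part of the original messages or of OpenSSL: `audit`, `expand`, `LEGACY_MARKERS` and `SAMPLE` are hypothetical names, and the sample suite list is constructed to resemble an older build's output.

```python
import ssl

# Cipher strings quoted in the thread.
CURRENT_DEFAULT = "ALL:!aNULL:!eNULL"
PROPOSED_DEFAULT = "ALL:!aNULL:!eNULL:!LOW:!EXPORT"

# Name fragments for the ciphers the thread suggests disabling next
# (assumption: matching on OpenSSL suite names is enough for an audit).
LEGACY_MARKERS = ("DES-CBC3", "RC4", "SEED", "IDEA")

# Constructed sample shaped like SSLContext.get_ciphers() entries.
SAMPLE = [
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
    {"name": "EXP-DES-CBC-SHA", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "strength_bits": 56},
    {"name": "DES-CBC3-SHA", "strength_bits": 112},
    {"name": "RC4-SHA", "strength_bits": 128},
    {"name": "SEED-SHA", "strength_bits": 128},
    {"name": "IDEA-CBC-SHA", "strength_bits": 128},
    {"name": "AES128-SHA", "strength_bits": 128},
    {"name": "CAMELLIA256-SHA", "strength_bits": 256},
    {"name": "AES256-SHA", "strength_bits": 256},
]

def audit(suites, min_bits=128):
    """Sort suites into below-min_bits, legacy-but-full-strength, and ok."""
    report = {"below_min": [], "legacy": [], "ok": []}
    for suite in suites:
        if suite["strength_bits"] < min_bits:
            bucket = "below_min"
        elif any(m in suite["name"] for m in LEGACY_MARKERS):
            bucket = "legacy"
        else:
            bucket = "ok"
        report[bucket].append(suite["name"])
    return report

def expand(cipher_string):
    """Ask the local OpenSSL build which suites a cipher string selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()

if __name__ == "__main__":
    for label, string in (("current", CURRENT_DEFAULT),
                          ("proposed", PROPOSED_DEFAULT)):
        report = audit(expand(string))
        print(label, string)
        for bucket in ("below_min", "legacy"):
            print("  ", bucket, report[bucket])
```

Run as a script, it prints what the linked OpenSSL actually selects for each string; builds that no longer ship export or single-DES suites will show empty `below_min` lists for both.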
