On Fri, Mar 28, 2014 at 02:39:17PM -0400, Hubert Kario wrote:

> > As must RC4-SHA1.  There are still considerably many Windows XP
> > and Windows 2003 systems whose strongest working cipher-suite is
> > RC4-SHA1, and whose 3DES cipher-suite implements broken CBC padding
> > (perhaps the breakage is in applications rather than the TLS library,
> > but this is not important).
> 
> I did not know that the XP implementation of 3DES-CBC is broken; can
> you provide some more info about that?

I've observed and reported (Google for my name and this issue) this
frequently with Exchange 2003 on Windows 2003 servers, which botches
3DES CBC padding.  I've heard rumour of similar problems with IIS,
but have not personally tested this.

I am much more concerned about servers than clients, but it is
likely that TLS client apps on XP (perhaps Outlook Express, ...)
also have similar problems.

> > and furthermore it MUST be the case that:
> > 
> >     HIGH := ALL:!MEDIUM:!LOW:!EXPORT
> >     MEDIUM := ALL:!HIGH:!LOW:!EXPORT
> >     LOW := ALL:!HIGH:!MEDIUM:!EXPORT
> >     EXPORT := ALL:!HIGH:!MEDIUM:!LOW
> 
> It can't be
> 
>       HIGH := ALL:!MEDIUM:!LOW:!EXPORT:!aNULL:!eNULL
>       MEDIUM := ALL:!HIGH:!LOW:!EXPORT:!aNULL:!eNULL
>       LOW := ALL:!HIGH:!MEDIUM:!EXPORT:!aNULL:!eNULL
>       EXPORT := ALL:!HIGH:!MEDIUM:!LOW:!aNULL:!eNULL
> 
> because of channel binding, yes?

Applications that do anonymous TLS and then channel-bind with
GSSAPI, or clients that use "HIGH" for mandatory encryption without
authentication...  There is no history of excluding aNULL in HIGH,
and breaking compatibility to change this would be rather bad.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
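As an added illustration of the partition argument in the exchange above (this is not code from the thread and not OpenSSL's own cipher-string parser): a toy evaluator over a small constructed table of suites, modelling only the `:`-separated keyword syntax with `!` exclusion. It checks that each strength class equals "ALL minus the other three" and shows what happens to the anonymous (aNULL) suites when `!aNULL` is appended to all four definitions. Suite names are real OpenSSL names, but the table, the strength assignments, and the function names are the example's own.

```python
"""Toy model of OpenSSL's strength classes HIGH / MEDIUM / LOW / EXPORT.

Constructed example, not OpenSSL code: a hand-made suite table and a
minimal evaluator for ':'-separated keywords with '!' exclusion.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Suite:
    name: str       # OpenSSL suite name
    auth: str       # "RSA" or "aNULL" (anonymous key exchange, no auth)
    enc: str        # bulk cipher; "eNULL" means no encryption
    strength: str   # "HIGH", "MEDIUM", "LOW", "EXPORT"; "" for eNULL


# Constructed table. Classes follow OpenSSL's convention at the time of
# the thread: 40-bit export ciphers are EXPORT, 56-bit DES is LOW,
# 128-bit RC4 is MEDIUM, AES and 3DES are HIGH. eNULL is in no class.
SUITES = [
    Suite("AES256-SHA",       "RSA",   "AES256", "HIGH"),
    Suite("DES-CBC3-SHA",     "RSA",   "3DES",   "HIGH"),
    Suite("ADH-AES128-SHA",   "aNULL", "AES128", "HIGH"),
    Suite("AECDH-AES256-SHA", "aNULL", "AES256", "HIGH"),
    Suite("RC4-SHA",          "RSA",   "RC4",    "MEDIUM"),
    Suite("ADH-RC4-MD5",      "aNULL", "RC4",    "MEDIUM"),
    Suite("DES-CBC-SHA",      "RSA",   "DES",    "LOW"),
    Suite("EXP-RC4-MD5",      "RSA",   "RC4-40", "EXPORT"),
    Suite("NULL-SHA",         "RSA",   "eNULL",  ""),
]

CLASSES = ("HIGH", "MEDIUM", "LOW", "EXPORT")


def matches(suite, keyword):
    """Does a single keyword select this suite? ALL excludes eNULL."""
    if keyword == "ALL":
        return suite.enc != "eNULL"
    if keyword == "aNULL":
        return suite.auth == "aNULL"
    if keyword == "eNULL":
        return suite.enc == "eNULL"
    if keyword in CLASSES:
        return suite.strength == keyword
    raise ValueError(f"unknown keyword {keyword!r}")


def evaluate(cipher_string):
    """Return selected suite names. A bare keyword appends matching
    suites not yet present; '!KEYWORD' removes them and blocks re-adding."""
    selected = []
    banned = set()
    for token in cipher_string.split(":"):
        if token.startswith("!"):
            banned.update(s.name for s in SUITES if matches(s, token[1:]))
            selected = [s for s in selected if s.name not in banned]
        else:
            for s in SUITES:
                if matches(s, token) and s.name not in banned and s not in selected:
                    selected.append(s)
    return [s.name for s in selected]


def complement_definition(cls, extra=""):
    """'ALL:!<other>:!<other>:!<other>' plus an optional suffix such as ':!aNULL'."""
    others = [c for c in CLASSES if c != cls]
    return "ALL:" + ":".join("!" + c for c in others) + extra


def partition_holds(extra=""):
    """True iff every class keyword selects exactly what its
    complement definition (with the given suffix) selects."""
    return all(set(evaluate(complement_definition(c, extra))) == set(evaluate(c))
               for c in CLASSES)


def uncovered_by_classes(extra=""):
    """Suites in ALL that none of the four (suffixed) definitions reach."""
    covered = set()
    for c in CLASSES:
        covered.update(evaluate(complement_definition(c, extra)))
    return sorted(set(evaluate("ALL")) - covered)


if __name__ == "__main__":
    print("HIGH            :", evaluate("HIGH"))
    print("HIGH:!aNULL     :", evaluate("HIGH:!aNULL"))
    print("partition holds :", partition_holds())
    print("with !aNULL     :", partition_holds(":!aNULL"),
          "uncovered:", uncovered_by_classes(":!aNULL"))
```

With the plain definitions the four classes partition ALL and nothing is left over; with `!aNULL` appended to every definition the anonymous suites belong to no class, which is the compatibility break the reply refers to for applications that rely on `HIGH` selecting anonymous suites for channel-bound or unauthenticated-but-encrypted sessions.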