On Sun, May 03, 2015 at 10:12:45PM +0200, Jeff Hodges via RT wrote:

> I disagree that this is closed with f417997a324037025be61737288e40e171a8218c.
> It only removes the EXPORT ciphers, but does not handle the LOW ones. It's
> 2015, and we can drop them by default now.

Likely so, I would guess that the single-DES LOW ciphers are/were
used even less than the EXPORT ciphers.

So yes, I think it is reasonable to also remove "LOW" from DEFAULT.
Mind you, removing EXPORT removes ephemeral RSA key transport,
which is a significant reduction in attack surface.  Disabling
single DES just disables a cipher, so the benefit is not as great,
but I support doing it anyway.

-- 
        Viktor.
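
An added example, not part of the original message or of OpenSSL's code: one way to audit what a cipher string such as DEFAULT expands to, by parsing `openssl ciphers -v` output and flagging EXPORT and LOW suites. The sample lines are constructed, and the 64-bit LOW cutoff and the function names are assumptions taken from the 1.0.x-era ciphers documentation, not from this thread.

```python
import re
import subprocess

# Constructed sample in the column layout printed by `openssl ciphers -v`
# on a 1.0.x-era build; not captured from any real system.
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
"""

ENC = re.compile(r"Enc=([^()\s]+)\((\d+)\)")
LOW_MAX_BITS = 64  # assumption: LOW = 56/64-bit suites that are not export


def classify(line):
    """Return (suite, 'EXPORT' | 'LOW' | None), or None for unparsable lines."""
    fields = line.split()
    match = ENC.search(line)
    if not fields or not match:
        return None  # blank line or Enc=None (NULL) suite
    if fields[-1] == "export":
        # Export suites also carry Kx=RSA(512): ephemeral RSA key transport.
        return fields[0], "EXPORT"
    if int(match.group(2)) <= LOW_MAX_BITS:
        return fields[0], "LOW"
    return fields[0], None


def audit(listing):
    """Map each weak suite name in a `ciphers -v` listing to its class."""
    results = (classify(line) for line in listing.splitlines())
    return {name: cls for name, cls in filter(None, results) if cls}


def local_listing(cipher_string="DEFAULT"):
    """Expand a cipher string with the locally installed openssl binary."""
    return subprocess.run(["openssl", "ciphers", "-v", cipher_string],
                          check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for name, cls in audit(SAMPLE).items():
        print(f"{cls:6} {name}")
```

Passing `local_listing()` to `audit()` runs the same check against the installed build; an empty result means DEFAULT no longer expands to either class.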