On 13 February 2016 at 00:16, Viktor Dukhovni <[email protected]> wrote:
> > > On Feb 12, 2016, at 6:55 PM, Richard Moore <[email protected]> > wrote: > > > > Personally I think the fact that HIGH includes ciphersuites that offer > no MITM protection means that those who trust it have already been totally > betrayed. > > The correct way to use high-grade ciphers is. > > "DEFAULT:!EXPORT:!LOW:!MEDIUM" > > The various individual cipherlist building blocks are properly orthogonal, > and HIGH/MEDIUM/LOW/EXPORT covers only the symmetric algorithm strength. > > One can also use it safely via constructs such as "HIGH:!aNULL:!aDSS:!kRSA" > (if say one also wants to disable DSA and RSA key transport). > Yeah, the apache docs didn't say this for /many/ years and it was rejected when I reported it as a security problem. The docs had been correct I believe with some older versions of openssl but the more general point is that users need a setting that doesn't require expertise, a decoder ring or a secret handshake. I think we need to reach a point where DEFAULT is the only sensible option for users without extensive expertise and means to ensure that they don't make things worse by mistake. HIGH currently is a dangerous option. Rich.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
