I’d agree it’s major for for SHA1 but not for MD5.
Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 18 Jun 2020, at 12:20 pm, Tim Hudson <t...@cryptsoft.com> wrote: > > Given that this change impacts interoperability in a major way it should be a > policy vote of the OMC IMHO. > > Tim. > > > On Thu, 18 Jun 2020, 5:57 am Kurt Roeckx, <k...@roeckx.be > <mailto:k...@roeckx.be>> wrote: > On Wed, May 27, 2020 at 12:14:13PM +0100, Matt Caswell wrote: > > PR 10787 proposed to reduce the number of security bits for MD5 and SHA1 > > in TLS (master branch only, i.e. OpenSSL 3.0): > > > > https://github.com/openssl/openssl/pull/10787 > > <https://github.com/openssl/openssl/pull/10787> > > > > This would have the impact of meaning that TLS < 1.2 would not be > > available in the default security level of 1. You would have to set the > > security level to 0. > > > > In my mind this feels like the right thing to do. The security bit > > calculations should reflect reality, and if that means that TLS < 1.2 no > > longer meets the policy for security level 1, then that is just the > > security level doing its job. However this *is* a significant breaking > > change and worthy of discussion. Since OpenSSL 3.0 is a major release it > > seems that now is the right time to make such changes. > > > > IMO it seems appropriate to have an OMC vote on this topic (or should it > > be OTC?). Possible wording: > > So should that be an OMC or OTC vote, or does it not need a vote? > > > Kurt >