On Tue, Sep 09, 2014 at 12:14:36PM -0400, Salz, Rich wrote:
> We disagree. I've got two IETF WG's coming to the same conclusion
> so making post-1.0.2 follow IETF practices seems pretty inarguable.
>
> > The IETF is sadly also prone to knee-jerk reactions.
>
> True. Some would put perpass in that category.
Which is why I cautioned against overly hasty counter-measures.
I don't disagree that applications and operators should generally
disable RC4. Howerver, OpenSSL is not the right place to do so.
In opportunistic TLS, disabling RC4 is often worse than leaving it
enabled.
The library should provide a sensible default preference order,
and a sensible choice of DEFAULT cipher suites, these can be updated
from time to time. Dropping cipher suites nobody is using is fine.
Dropping cipher suites that are in wide use, and making the choice
in code below the application layer is I think unwise.
We could introduce a new cipher suite class name "BCP", to complement
"DEFAULT". The latter is broadly interoperable with sensible
ordering but inclusive cipher choices, the former would be more
restrictive, offering only the BCP cipher suites, sensibly ordered.
Applications that want "BCP", could have it. Applications that
emphasize interoperability would use "DEFAULT". Then you would
be free to tweak "BCP" more aggressively than "DEFAULT".
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
