> From: Michael Wojcik [mailto:michael.woj...@microfocus.com]
Thanks for the detailed and thoughtful response. I only want to respond to a
few of your points.
> One is simply that we're seeing a lot of
> OpenSSL roadmap announcements. That's good in the sense that before the
> funding boost, pr
On Wed, Feb 11, 2015 at 12:59:22PM +0100, Hubert Kario wrote:
> On Tuesday 10 February 2015 21:46:46 Viktor Dukhovni wrote:
> > On Tue, Feb 10, 2015 at 09:15:36PM +, Salz, Rich wrote:
> > > I would like to make the following changes in the cipher specs, in the
> > > master branch, which is pla
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich
> Sent: Wednesday, February 11, 2015 13:26
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for
> post-1.0.2
>
> > All
On Wed, Feb 11, 2015 at 03:46:54PM +, Salz, Rich wrote:
> > I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it
> > explicitly in DEFAULT) is a good one that maintains important backward
> > compatibility while providing the desired removal of RC4 by default. There's
> > no ad
On 11/02/2015 16:46, Salz, Rich wrote:
I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it
explicilty in DEFAULT) is a good one that maintains important backward
compatibility while providing the desired removal of RC4 by default. There's
no advantage to moving RC4 to LOW.
Sure
> All sorts of things can be done. Clearly, in the Brave New World of well-
> funded OpenSSL, they'll have to be, because it's apparent that we're going to
> see a lot of disruptive change made on the flimsiest of pretexts, with
> objections from the user community brushed aside. That's your prerog
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich
> Sent: Wednesday, February 11, 2015 10:47
> To: openssl-users@openssl.org; openssl-...@openssl.org
> Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for
> post-1.0.2
&
> I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it
> explicilty in DEFAULT) is a good one that maintains important backward
> compatibility while providing the desired removal of RC4 by default. There's
> no advantage to moving RC4 to LOW.
Sure there is: it's an accurate descr
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Tuesday, February 10, 2015 21:01
> To: openssl-...@openssl.org; openssl-users@openssl.org
> Subject: Re: [openssl-users] [openssl-dev] Proposed cipher changes for
> post-1.0.
On Wed, Feb 11, 2015 at 01:50:07AM -0500, Daniel Kahn Gillmor wrote:
> > RC4 in LOW has a bit of pushback so far. My cover for it is that the
> > IETF says "don't use it." So I think saying "if you want it, say so" is
> > the way to go.
>
> I think that's the correct position. People who want
On Wed, Feb 11, 2015 at 03:30:57AM +, Salz, Rich wrote:
> > By all means, don't use it, but it is not OpenSSL's choice to make by
> > breaking
> > the meaning of existing interfaces.
>
> Except that we've explicitly stated we're breaking things with this new
> release.
>
> Those magic ciph
> By all means, don't use it, but it is not OpenSSL's choice to make by breaking
> the meaning of existing interfaces.
Except that we've explicitly stated we're breaking things with this new release.
Those magic cipher keywords are point-in-time statements. And time has moved
on.
_
On Wed, Feb 11, 2015 at 12:22:44AM +, Salz, Rich wrote:
> RC4 in LOW has a bit of pushback so far. My cover for it is that
> the IETF says "don't use it." So I think saying "if you want it,
> say so" is the way to go.
By all means, don't use it, but it is not OpenSSL's choice to make
by bre
On Tue, Feb 10, 2015 at 06:17:38PM -0500, Daniel Kahn Gillmor wrote:
> On Tue 2015-02-10 16:15:36 -0500, Salz, Rich wrote:
> > I would like to make the following changes in the cipher specs, in the
> > master branch, which is planned for the next release after 1.0.2
> >
> > Anything that uses RC4
> currently, this is an error:
>
> 0 dkg@alice:~$ openssl ciphers -v ALL:!NO-SUCH-CIPHER
> bash: !NO-SUCH-CIPHER: event not found
> 0 dkg@alice:~$
Yeah, but that's coming from bash, not openssl :)
; openssl ciphers -v ALL | wc
111 6758403
; openssl ciphers -v ALL:!FOOBAR | wc
111
On Tue, Feb 10, 2015 at 09:15:36PM +, Salz, Rich wrote:
> I would like to make the following changes in the cipher specs, in the master
> branch, which is planned for the next release after 1.0.2
>
> Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW
Note, that RC4 is alre
16 matches
Mail list logo