> You really should look at the extensive research done by SSL Labsbefore
> blindly deprecating stuff.
Sorry you think I'm doing that. I'm raising an issue six months before it will
affect people.
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
__
On 09/09/2014 19:20, Salz, Rich wrote:
In addition to removing the very-weak (less than 70 bits security) ciphers
from the default list,this would be a good opportunity to reorder the default
I'd prefer to wait until TLS 1.3 is implemented, which has some definite (and
rather strong :) feelings
On Tue, Sep 09, 2014 at 07:04:36PM +0200, Jakob Bohm wrote:
> In addition to removing the very-weak (less than 70 bits security)
> ciphers from the default list,this would be a good opportunity to
> reorder the default list (either via the define, or bettervia whatever
> internal priorities guide
> In addition to removing the very-weak (less than 70 bits security) ciphers
> from the default list,this would be a good opportunity to reorder the default
I'd prefer to wait until TLS 1.3 is implemented, which has some definite (and
rather strong :) feelings on the subject. Doing things like p
On 09/09/2014 00:42, Salz, Rich wrote:
We are considering removing weak cryptography from the value of DEFAULT. That is, append
":!LOW:!EXPORT"
It is currently defined as this in include/openssl/ssl.h:
#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
Please let us know
> Folks who want strong BCP crypto, can disable MEDIUM.
Folks who want weak non-BCP crypto can enable LOW.
I'm putting this on hold to see where we are 6-9 months from now.
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
__
On Tue, Sep 09, 2014 at 06:29:51PM +0200, Jeroen de Neef wrote:
> I can see RC4 going in the list of low security ciphers within a couple of
> years anyways, so we can better discourage the usage right now.
Note that RC4 is essentially the only widely used MEDIUM cipher,
and is by default last on
On Tue, Sep 09, 2014 at 12:14:36PM -0400, Salz, Rich wrote:
> We disagree. I've got two IETF WG's coming to the same conclusion
> so making post-1.0.2 follow IETF practices seems pretty inarguable.
>
> > The IETF is sadly also prone to knee-jerk reactions.
>
> True. Some would put perpass in t
I can see RC4 going in the list of low security ciphers within a couple of
years anyways, so we can better discourage the usage right now.
2014-09-09 18:14 GMT+02:00 Salz, Rich :
> We disagree. I've got two IETF WG's coming to the same conclusion so
> making post-1.0.2 follow IETF practices seem
Yes, I'm jumping the gun claiming that the I-D are standards. They're not.
They're just drafts.
I'm willing to wait and see what happens for a few months.
__
OpenSSL Project http://www.openssl.org
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Salz, Rich
> Sent: Tuesday, 09 September, 2014 11:35
> To: openssl-users@openssl.org
> Subject: RE: Value of DEFAULT cipher suite
>
> > Far more productive than disabling RC4 w
On Tue, Sep 09, 2014 at 11:34:43AM -0400, Salz, Rich wrote:
> > Far more productive than disabling RC4 would be ensuring that it is not the
> > preferred cipher suite when better options are enabled.
>
> I am not disabling RC4. I am saying that applications that want
> to use it will, after the
We disagree. I've got two IETF WG's coming to the same conclusion so making
post-1.0.2 follow IETF practices seems pretty inarguable.
> The IETF is sadly also prone to knee-jerk reactions.
True. Some would put perpass in that category.
--
Principal Security Engineer
Akamai Technologies, Camb
> Far more productive than disabling RC4 would be ensuring that it is not the
> preferred cipher suite when better options are enabled.
I am not disabling RC4. I am saying that applications that want to use it
will, after the post-1.0.2 release is adopted, need to take pro-active action.
This
> For what it's worth, I'm with Victor on this. RC4 as cipher of last resort in
> the
> default set is better than not having it there at all.
Take it up with the IETF which has two working groups advocating against it.
UTA (use of TLS in applications) and the TLS group itself:
https://tools.i
On Tue, Sep 09, 2014 at 10:40:26AM -0400, Salz, Rich wrote:
> That should probably also be done. But things like HIGH LOW,
> etc are point-in-time statements and raising the bar so that existing
> applications just get more secure without having to change anything
> is also worth doing.
This is
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Viktor Dukhovni
> Sent: Tuesday, 09 September, 2014 09:01
> To: openssl-users@openssl.org
> Subject: Re: Value of DEFAULT cipher suite
>
> On Tue, Sep 09, 2014 at 08:42:36AM -0
> Master has "security levels", which still need some work, but are a less crude
> mechanism for such tweaks. Disabling RC4 at security level 2 or some such, is
> better than incompatibly reclassifying it as "LOW". We can discuss the
> details
> later.
That should probably also be done. But th
On Tue, Sep 09, 2014 at 08:42:36AM -0400, Salz, Rich wrote:
> > Moving RC4 to "LOW" is also premature. It is already at the bottom of the
> > medium cipherlist, that should be enough.
>
> I am planning on doing it for master, not 1.0.2 That means it
> won't be in an official release until... wh
> Moving RC4 to "LOW" is also premature. It is already at the bottom of the
> medium cipherlist, that should be enough.
I am planning on doing it for master, not 1.0.2 That means it won't be in an
official release until... what, at least six months.
___
On Tue, Sep 09, 2014 at 08:13:40AM -0400, Salz, Rich wrote:
> > Please consider also adding !SSLv3 and !RC4 to this list.
>
> My plan is to move RC4 and MD5 to LOW; see RT3518.
Moving RC4 to "LOW" is also premature. It is already at the bottom
of the medium cipherlist, that should be enough.
O
On Tue, Sep 09, 2014 at 11:02:45AM +0200, Benny Baumann wrote:
> Please consider also adding !SSLv3 and !RC4 to this list.
No. That would be unwise at this time.
--
Viktor.
__
OpenSSL Project
> Please consider also adding !SSLv3 and !RC4 to this list.
My plan is to move RC4 and MD5 to LOW; see RT3518. As for SSLv3, the issue is
that you really mean the protocol, not the ciphers (there's overlap with SSL
and TLS), which is configured separately, and only via code. So I think I have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Rich,
Am 09.09.2014 00:42, schrieb Salz, Rich:
> We are considering removing weak cryptography from the value of
> DEFAULT. That is, append ":!LOW:!EXPORT"
>
> It is currently defined as this in include/openssl/ssl.h: #define
> SSL_DEFAULT_CI
We are considering removing weak cryptography from the value of DEFAULT. That
is, append ":!LOW:!EXPORT"
It is currently defined as this in include/openssl/ssl.h:
#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
Please let us know if you have strong objections to this.
-
25 matches
Mail list logo
