[openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

Viktor Dukhovni openssl-users at dukhovni.org
Wed Feb 11 20:21:37 UTC 2015


On Wed, Feb 11, 2015 at 12:59:22PM +0100, Hubert Kario wrote:

> On Tuesday 10 February 2015 21:46:46 Viktor Dukhovni wrote:
> > On Tue, Feb 10, 2015 at 09:15:36PM +0000, Salz, Rich wrote:
> > > I would like to make the following changes in the cipher specs, in the
> > > master branch, which is planned for the next release after 1.0.2
> > > 
> > > Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW
> > 
> > Note, that RC4 is already the only commonly used cipher-suite in MEDIUM.
> > 
> > Changing the definitions of EXPOR, LOW, MEDIUM introduces significant
> > compatibility issues for opportunistic TLS (e.g. Postfix) where
> > RC4 is still required for interop and is better than cleartext.
> 
> Opportunistic TLS is a-typical use of TLS. One that is vulnerable to trivial 
> MitM attacks by the very definition. Using "ALL", possibly "ALL:!aNULL", 
> instead of "DEFAULT" doesn't make it much less secure.

Yeah, right, 70-90% of the world's email using opportunistic TLS
is "atypical".  XMPP server-to-server using opportunistic TLS is
"atypical", sorry the browser use-case is not the sole use of TLS.

As for vulnerable to MiTM, opportunistic TLS is less vulnerable
than cleartext.  (I'll believe that you actually care that
opportunistic TLS is not secure enough when Redhat deploys DNSSEC
and DANE TLSA RRs for its MX hosts).

-- 
	Viktor.


More information about the openssl-users mailing list