[openssl-users] [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Emilia Käsper emilia at openssl.org
Mon Nov 16 18:51:08 UTC 2015


One more time,

I know that someone, somewhere is probably using any given feature of
OpenSSL. I am looking to gather information about concrete, actively
maintained applications that may be using one of those algorithms, to build
a more complete picture.

If you are aware of a concrete use of MD2 or any of the other algorithms,
please let us know!

Thanks,
Emilia

On Mon, Nov 16, 2015 at 7:25 PM, Hubert Kario <hkario at redhat.com> wrote:

> On Monday 16 November 2015 16:51:10 Emilia Käsper wrote:
> > IDEA, MD2, MDC2, RC5, RIPEMD, SEED, Whirlpool, binary curves
> >
> > This isn't of course entirely representative of widespread usage.
> > However Google's multi-billion line codebase now builds against
> > BoringSSL and therefore largely does not depend on these algorithms.
> > Those billions of lines aren't all new and shiny code written in
> > 2015, and some of it does have to interoperate with the outside
> > world.
> >
> > And here's the list gone from LibreSSL, from what I can tell:
> >
> > MD2, MDC2, RC5, SEED
> >
> > Neither have removed CAST, and there is presumably a good reason for
> > that. (PGP?)
> >
> > It seems to me that these can pretty safely go:
> >
> > MD2 - (The argument that someone somewhere may want to keep verifying
> > old MD2 signatures on self-signed certs doesn't seem like a
> > compelling enough reason to me. It's been disabled by default since
> > OpenSSL 1.0.0.)
> > MDC2
> > SEED
> > RC5
> >
> > These could probably stay (C only):
> >
> > CAST
> > IDEA
> > RIPEMD (used in Bitcoin?)
> > WHIRLPOOL
> >
> > as well as
> >
> > BLOWFISH
> > MD4
> > RC2
> >
> > I am on the fence about the binary curves: I am not aware of any
> > usage, really, and it's not about to pick up now.
>
> I'm afraid you're too focused on the TLS/SSL use case. And while it is
> important, it's not the only use case that OpenSSL serves.
>
> And for what it's worth, I'm very much *for* removing as much (and as
> fast as possible) support for the old junk (or unused stuff - like
> curves < 256 bit) in TLS. Search the archives for "Insecure DEFAULT
> cipher set" for an example.
>
> But stuff like this:
>
> > The argument that someone somewhere may want to keep verifying
> > old MD2 signatures on self-signed certs
>
> is not true. I was talking about document signatures, time stamps, CRL
> signatures and certificate signatures in general. Not the trust anchors
> or their self-signatures.
>
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
>