[openssl-users] [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Short, Todd tshort at akamai.com
Mon Nov 23 16:05:12 UTC 2015


I suspect that most “users” of OpenSSL are doing it indirectly through other applications that use TLS (or crypto) functionality. Example: the Cisco AnyConnect client is reportedly one of the most installed pieces of software regardless of platform; it uses OpenSSL for TLS.

Taking those indirect users into account, they don’t care about the research or advanced uses of OpenSSL; they just want to connect securely to their corporate network.

--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."

On Nov 20, 2015, at 9:09 PM, Peter Waltenberg <pwalten at au1.ibm.com<mailto:pwalten at au1.ibm.com>> wrote:

Quite reasonable except.

I'm not sure you have majority and minority the right way around. My guess would be that the majority of OpenSSL users are libcrypto. consumers rather than SSL/TLS consumers.

A point several of us have been trying to get through for some time.

Peter

-----"openssl-dev" <openssl-dev-bounces at openssl.org<mailto:openssl-dev-bounces at openssl.org>> wrote: -----
To: "openssl-dev at openssl.org<mailto:openssl-dev at openssl.org>" <openssl-dev at openssl.org<mailto:openssl-dev at openssl.org>>
From: "Short, Todd"
Sent by: "openssl-dev"
Date: 11/21/2015 08:28AM
Cc: "openssl-users at openssl.org<mailto:openssl-users at openssl.org>" <openssl-users at openssl.org<mailto:openssl-users at openssl.org>>
Subject: Re: [openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

While I am all for simplicity, I also think that removing functionality is a “bad idea”.

To reduce the support burden, deprecate the ciphers:
1. Under support, indicate that these ciphers will no longer receive fixes.
2. Remove any assembly implementations
3. Disable them by default.

I suggest following the 80/20 rule (sometimes the 95/5 rule):

Those “who care” (the minority) about the ciphers can re-enable them and rebuild the library.
Those “who don’t care” (the majority) about the ciphers, should get the functionality that most people care about, basically SSL/TLS connectivity.

--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."

--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."

On Nov 18, 2015, at 1:52 PM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu<mailto:uri at ll.mit.edu>> wrote:

On 11/18/15, 12:12 , "openssl-dev on behalf of Benjamin Kaduk"
<openssl-dev-bounces at openssl.org<mailto:openssl-dev-bounces at openssl.org> on behalf of bkaduk at akamai.com<mailto:bkaduk at akamai.com>> wrote:

On 11/18/2015 07:05 AM, Hubert Kario wrote:
So, a full CAdES-A, XAdES-A or PAdES-A implementation _needs_ to
support
both relatively modern TLS with user certificates, preferably the
newest
cryptosystems and hashes as well as the oldest ones that were
standardised and used.

That means that old algorithms MUST remain in OpenSSL as supported
functionality. It may require linking to a specific library to make the
EVP* with old ciphers, MACs, etc. work, but they MUST NOT be removed
from it completely, definitely not before at least 50 years _after_
they
became obsolete and broken.

There seems to be a logical leap between these two paragraphs.  Why is
it necessary that OpenSSL be the only cryptographic library used by
CAdES-A/etc. implementations?

Because it used to be the only real game in town, and *people learned to
rely upon it*.

Is it in fact even necessary that only a
single version of a single cryptographic library be used for such
software?

No, of course not. But after letting people depend on this “single
cryptographic library” for many years, telling them “too bad” isn’t very
nice.

While OpenSSL may try to be a general-purpose crypto library,
when a software has stringent or unusual crypto requirements, it seems
reasonable that such a software may need to involve unusual
implementations.

The requirements did not change. What changed was the maintainers
expressing their desire to stop supporting some of them.

I do not believe that OpenSSL has promised anywhere that it will support
this sort of use case.

Implicitly, by providing that kind of service for so long. And explicitly,
as pointed out by Hubert:

From the main web page of project:

The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, *full-featured*, and Open Source toolkit
implementing the Transport Layer Security (TLS) and Secure Sockets
Layer (SSL) protocols as well as a full-strength *general purpose*
*cryptography library* .

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev<https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=CwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=wLKbuAEIg97aXrny3BLz9tizXjzlqZv0jmZW-IYw6TI&s=rLWkWL61n3XEa8EW9F5ItKDtMAXIy6DbEfbXoLpqN3Y&e=>

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev<https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=CwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=wLKbuAEIg97aXrny3BLz9tizXjzlqZv0jmZW-IYw6TI&s=rLWkWL61n3XEa8EW9F5ItKDtMAXIy6DbEfbXoLpqN3Y&e=>

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151123/0ea3c1fc/attachment-0001.html>


More information about the openssl-users mailing list