[openssl-users] Dumb question about DES

Scott Neugroschl scott_n at xypro.com
Thu May 11 20:17:25 UTC 2017


So if I'm using 1.0.2, and want to deprecate 3DES, I need to do that as part of my build?

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Scott Neugroschl
Sent: Thursday, May 11, 2017 11:13 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Dumb question about DES

OK.  Are the 3DES CBC ciphers still part of DEFAULT?

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Benjamin Kaduk via openssl-users
Sent: Thursday, May 11, 2017 9:18 AM
To: openssl-users at openssl.org<mailto:openssl-users at openssl.org>
Subject: Re: [openssl-users] Dumb question about DES

Those ciphers are triple-DES, not single-DES.  (The "CBC3" gives it away ... well, not exactly.)
The single-DES ciphers were removed in release 1.1.0 (they are included in the "40 and 56 bit cipher support removed from libssl" item in the release notes), though the raw crypto primitives remain in libcrypto.

-Ben
On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
Has DES been deprecated in OpenSSL?  If so, what release?  In particular the following ciphers


      0.19 EDH-DSS-DES-CBC3-SHA

      0.22 EDH-RSA-DES-CBC3-SHA

    192.13 ECDH-RSA-DES-CBC3-SHA

    192.3  ECDH-ECDSA-DES-CBC3-SHA

    192.18 ECDHE-RSA-DES-CBC3-SHA

    192.8  ECDHE-ECDSA-DES-CBC3-SHA



---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170511/61e0345b/attachment.html>


More information about the openssl-users mailing list