[openssl-dev] [openssl.org #3627] Enhancement request: add more "Protocol" options for SSL_CONF_CTX

Steffen Nurpmeso sdaoden at yandex.com
Thu Dec 11 19:09:04 UTC 2014


"Stephen Henson via RT" <rt at openssl.org> wrote:
 |On Mon Dec 08 20:20:44 2014, sdaoden at yandex.com wrote:
 |> and finally i propose three new values for the "Protocol" slot of
 |> SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
 |
 |Just to add my 2p to this thread which seems to have veered into rather
 |different territory...

Please.  Oh yes, i think i have digressed a lot by now.

 |I don't think it's appropriate to have a "VULNERABLE" option as a protocol
 |selection value partly because vulnerability rarely affects a whole protocol
 |version, just aspects of it. You can (for example) restrict yourself to TLS
 |v1.2 and still do insecure things such as talk to servers with 512 bit RSA keys
 |or using 256 bit DH parameters.
 |
 |Your request seems closer to the "security levels" code which is currently only
 |in the OpenSSL master branch. It will by default reject many things: including
 |the RSA, DH examples above. An application can increase the security level to
 |make things stricter (but this will fail for many existing servers so it isn't
 |the default), disable it completely and handle everything themselves (which is
 |what previous versions of OpenSSL do) or have finer control using an
 |application specific callback.

Ok, i've never meant to go that much into the details, what i've
also said in the other responses.  Yours is the view of someone
who deeply penetrates the problem for i think way over a decade,
mine is rather restricted to a well-known book, what you hear here
and there plus some manual reading, no more and no less.

On this level "SSLv2" is "very insecure" and so for a very long
time, "SSLv3" was "insecure" and now has made it to the same level
as its predecessor.  After reading the draft linked in a message
of this thread and following some references it seems that i drive
very well with restricting myself (and recommend users that ask)
to TLSv1.2, which i do for well over a year, when i can.  I just
_never_ played with any other setting regarding TLS/SSL, though i
have to admit that i once adjusted a "MACs" SSH configuration
setting (to be able to connect).

That is all i know -- and _my_ opinion is that if that is not
sufficient, something is wrong.  Because _i_ will _never_
accomplish an intellectual penetration of -- short -- anything
involved to get at a permanently secured encrypted transport.
Just never.  And, when that far, i'm a Buddhist, actually i'm even
disgusted by secure transport as such.  Here is all about
reflection, canalisation and transformation, but now i think i'm
really off-topic.  So if that doesn't clash a desire to
intellectually penetrate secure transport then i don't know.  :-)
I'm still hoping for at least (OLDEST/MIN and) NEWEST/MAX.
Ciao,

--steffen

