[openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

[Viktor Dukhovni]

On Mon, Dec 15, 2014 at 09:23:26AM -0500, Salz, Rich wrote:

> > For what it's worth, I have tested the Alexa top 1 million servers with the -
> > trusted_first option and haven't found a single server that looses its trusted
> > status, on the other hand, good few percent of servers do gain it.
> 
> It's worth a great deal.  Thanks!  I love fact-based analysis. :)

This can break DANE TLSA verification, because the site's designated
trust anchor might no longer be in the shorter constructed chain.

It won't break Postfix because it does not support PKIX-TA(0) or
PKIX-EE(1), and with DANE-TA(2), Postfix disables all default CAs
using only the wire chain and any full TA keys from DNS.

However, it could break other applications.  This might include
applications that have specifically configured a short list of CAs
to trust (perhaps just one for a particular peer, rather than the
usual browser bundle).

So this is an incompatible change, and cannot be made in a stable
release (1.0.x).  If this changes in master, this must be prominently
listed in the release notes as an incompatible change.

-- 
	Viktor.