[openssl-dev] [openssl.org #2464] TLS-RSA-PSK support
Hubert Kario
hkario at redhat.com
Tue Aug 18 16:48:25 UTC 2015

On Monday 17 August 2015 15:54:03 Viktor Dukhovni wrote:
> On Fri, Jul 31, 2015 at 05:37:20PM +0000, Viktor Dukhovni wrote:
> > Which ciphers are actually needed by PSK users? My hope is that
> > at this point RC4 and 3DES are not. It is highly likely that CBC
> > AES-CBC is needed, perhaps also Camellia, but the question is I
> > think worth asking.
>
> So what's the final resolution of this? Should we keep or drop
> the new PSK RC4 and PSK 3DES codepoints:
>
> TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
> TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA

how do you define "remove"?

1. not part of DEFAULT, part of ALL?
2. part of COMPLEMENTOFALL
3. behind compile time option
4. behind #if 0
5. actually removed from source

1-3 are fine by me, 4 I wouldn't like, I'm against 5

> On a related note (for those also reading the TLS WG list), any
> thoughts on deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe
> ciphers?

if "deprecate" means 1) or 2), I'm all for it

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic