[openssl-dev] [openssl.org #2464] TLS-RSA-PSK support

Viktor Dukhovni openssl-users at dukhovni.org
Tue Aug 18 17:02:24 UTC 2015


On Tue, Aug 18, 2015 at 06:48:25PM +0200, Hubert Kario wrote:

> > So what's the final resolution of this?  Should we keep or drop
> > the new PSK RC4 and PSK 3DES codepoints:
> > 
> >     TLS_RSA_PSK_WITH_RC4_128_SHA              RSA-PSK-RC4-SHA
> >     TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA         RSA-PSK-3DES-EDE-CBC-SHA
> 
> how do you define "remove"?
> 
>  1. not part of DEFAULT, part of ALL?
>  2. part of COMPLEMENTOFALL
>  3. behind compile time option
>  4. behind #if 0
>  5. actually removed from source
> 
> 1-3 are fine by me, 4 I wouldn't like, I'm against 5

These are brand new cipher suites, never before seen in OpenSSL.
The argument is that it makes no sense to *add* these, because
they're already obsolete.  So I was hoping for 4 or 5.

> > On a related note (for those also reading the TLS WG list), any
> > thoughts on deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe
> > ciphers?
> 
> if "deprecate" means 1) or 2), I'm all for it

For these, I'd like to suggest at least 2, but is there any need
to actually support the underlying static (EC)DH key exchange
methods?  Who needs these?  Why work so hard to defeat forward
secrecy and enable the KCI attacks?

We can lose a bunch of code and attack surface by not supporting
fixed (EC)DH.  Does this code have any users?

-- 
	Viktor.

