[openssl-dev] [openssl.org #2464] TLS-RSA-PSK support
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jul 31 17:37:20 UTC 2015
On Fri, Jul 31, 2015 at 07:24:15PM +0200, Hubert Kario wrote:
> > Question, should we really be adding new RC4 or new 3DES ciphersuites?
> > Both ciphers are rather obsolete now. And we even have an RFC that
> > "bans" RC4. While I have been known to resist potentially premature
> > removal of *existing* RC4 support, I am certainly not a fan of RC4
> > and see no reason to add more RC4 to OpenSSL.
>
> those are PSK ciphers, unless you set up PSK they won't be advertised at all,
> adding support for them has minimal impact on Internet use (be it port 443 or
> otherwise) of RC4 and 3DES
>
> and for people that actually need this support, it's better that they use
> OpenSSL than a home-cooked solution by an intern
I know all that, but do they in fact need RC4 or 3DES, or are we
just putting them in because they have code-point assignments in
the RFC?
> > I am not even sure that adding Camellia is a net win, ideally AES
> > and (soonish) ChaCha20 are enough.
>
> Camellia is the recommended backup cipher by ENISA, rightfully so
Fine.
> > One might similarly question the longevity of the new CBC suites,
> > TLS 1.3 is moving to AEAD only (the PSK AEAD ciphers will IIRC be
> > used for session resumption in 1.3).
>
> I give them 20 years, ok... 30 years tops
Yes, hence the "might". The point is that I am suggesting some
consideration of what's actually needed before new ciphers are
implemented. Mere inclusion in a somewhat dated RFC is perhaps
not compelling.
Which ciphers are actually needed by PSK users? My hope is that
at this point RC4 and 3DES are not. It is highly likely that CBC
AES-CBC is needed, perhaps also Camellia, but the question is I
think worth asking.
--
Viktor.
More information about the openssl-dev
mailing list