[openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Nov 13 19:48:41 UTC 2015
On Fri, Nov 13, 2015 at 06:03:33PM +0000, Jonathan Larmour wrote:
> I strongly agree with this. Not every OpenSSL user reads the openssl-dev
> mailing list (nor -announce). I have been bitten by this in the past in
> other FOSS projects which only solicited comments from mailing list readers.
>
> Disabling (and deprecating) them achieves most of the desired effect
> anyway as it makes it trivial to identify which bits to remove later on.
Disabling (from say the DEFAULT cipherlist) works for TLS because
users can re-enable by setting a custom cipherlist.
Disabling basic cryptographic primitives which are used via EVP by
applications for crypto support is much more difficult. The code
can be conditionally compiled (with the default to not compile),
but users would then have to recompile the library. Distributions
would likely delay the visibility of the change by enabling the
compilation of the legacy algorithms.
There's no easy way to do this. So we need to proceed with care.
The simplest approach is to remove ciphersuites from the SSL/TLS
code (effectively making them unavailable even via ALL:COMPLEMENTOFALL),
but leave the underlying crypto in the library.
Similarly, one might remove algorithms from S/MIME, CMS, ... while
leaving them in the base crypto library.
Only once an algorithm is no longer used by any of the upper layers
can we start planning removal from the EVP layer.
At this point therefore, I would start by removing SSL/TLS ciphersuite
codepoints as suggested (and also 1DES).
Whether any of the EVP interfaces are ready for removal, I don't
know.
--
Viktor.
More information about the openssl-dev
mailing list