[openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback
Hubert Kario
hkario at redhat.com
Mon Nov 16 18:25:07 UTC 2015
On Monday 16 November 2015 16:51:10 Emilia Käsper wrote:
> IDEA, MD2, MDC2, RC5, RIPEMD, SEED, Whirlpool, binary curves
>
> This isn't of course entirely representative of widespread usage.
> However Google's multi-billion line codebase now builds against
> BoringSSL and therefore largely does not depend on these algorithms.
> Those billions of lines aren't all new and shiny code written in
> 2015, and some of it does have to interoperate with the outside
> world.
>
> And here's the list gone from LibreSSL, from what I can tell:
>
> MD2, MDC2, RC5, SEED
>
> Neither have removed CAST, and there is presumably a good reason for
> that. (PGP?)
>
> It seems to me that these can pretty safely go:
>
> MD2 - (The argument that someone somewhere may want to keep verifying
> old MD2 signatures on self-signed certs doesn't seem like a
> compelling enough reason to me. It's been disabled by default since
> OpenSSL 1.0.0.)
> MDC2
> SEED
> RC5
>
> These could probably stay (C only):
>
> CAST
> IDEA
> RIPEMD (used in Bitcoin?)
> WHIRLPOOL
>
> as well as
>
> BLOWFISH
> MD4
> RC2
>
> I am on the fence about the binary curves: I am not aware of any
> usage, really, and it's not about to pick up now.
I'm afraid you're too focused on the TLS/SSL use case. And while it is
important, it's not the only use case OpenSSL does serve.

And for what it's worth, I'm very much *for* removing as much (and as
fast as possible) support for the old junk (or unused stuff - like
curves < 256 bit) in TLS. Search the archives for "Insecure DEFAULT
cipher set" for an example.

But stuff like this:
> The argument that someone somewhere may want to keep verifying
> old MD2 signatures on self-signed certs
is not true. I was talking about document signatures, time stamps, CRL
signatures and certificate signatures in general. Not the trust anchors
or their self-signatures.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic