[openssl-dev] [openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Thu Nov 19 12:59:05 UTC 2015

On Wednesday 18 November 2015 14:34:41 Benjamin Kaduk wrote:
> On 11/18/2015 12:52 PM, Blumenthal, Uri - 0553 - MITLL wrote:
> > On 11/18/15, 12:12 , "openssl-dev on behalf of Benjamin Kaduk"
> > 
> > <openssl-dev-bounces at openssl.org on behalf of bkaduk at akamai.com> 
wrote:
> >> On 11/18/2015 07:05 AM, Hubert Kario wrote:
> >>> So, a full CAdES-A, XAdES-A or PAdES-A implementation _needs_ to
> >>> support
> >>> both relatively modern TLS with user certificates, preferably the
> >>> newest
> >>> cryptosystems and hashes as well as the oldest ones that were
> >>> standardised and used.
> >>> 
> >>> That means that old algorithms MUST remain in OpenSSL as supported
> >>> functionality. It may require linking to a specific library to
> >>> make the EVP* with old ciphers, MACs, etc. work, but they MUST
> >>> NOT be removed from it completely, definitely not before at least
> >>> 50 years _after_ they
> >>> became obsolete and broken.
> >> 
> >> There seems to be a logical leap between these two paragraphs.  Why
> >> is it necessary that OpenSSL be the only cryptographic library
> >> used by CAdES-A/etc. implementations?
> > 
> > Because it used to be the only real game in town, and *people
> > learned to rely upon it*.
> > 
> >> Is it in fact even necessary that only a
> >> single version of a single cryptographic library be used for such
> >> software?
> > 
> > No, of course not. But after letting people depend on this “single
> > cryptographic library” for many years, telling them “too bad” isn’t
> > very nice.
> 
> I guess I'm just having a hard time wrapping my head around why, upon
> hearing that the volunteer-run project is giving years' advance notice
> that certain features will be removed, the response is insistence
> that everything must remain supported forever, instead of using the
> advance notice to investigate alternatives.  Volunteers should be
> allowed to ease up when they need to, after all.

not everything

If there was a queue to axe MD5 and SHA-1 signatures, 1DES ciphers, RC4 
and export grade ciphers in libssl, you can be sure you'll find me at 
front of it

we already removed SSLv2 from 1.1.0 and nobody really argued that it 
needs to stay

But libcrypto needs to support legacy stuff because it needs to handle 
data at rest, not only data in transit. Those two are completely 
different worlds.
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151119/76821f06/attachment.sig>