[openssl-dev] 3DES is a HIGH-strength cipher?

Viktor Dukhovni openssl-users at dukhovni.org
Fri Feb 12 20:36:36 UTC 2016


> On Feb 12, 2016, at 3:15 PM, Salz, Rich <rsalz at akamai.com> wrote:
> 
> So is RC4 and we don't see that as HIGH. HIGH implies strength, not MTI-ness.

Now let's not make stuff up:

http://tools.ietf.org/html/rfc5246#section-9

9.  Mandatory Cipher Suites

   In the absence of an application profile standard specifying
   otherwise, a TLS-compliant application MUST implement the cipher
   suite TLS_RSA_WITH_AES_128_CBC_SHA (see Appendix A.5  for the
   definition).

http://tools.ietf.org/html/rfc4346#section-9

9. Mandatory Cipher Suites

   In the absence of an application profile standard specifying
   otherwise, a TLS compliant application MUST implement the cipher
   suite TLS_RSA_WITH_3DES_EDE_CBC_SHA.

http://tools.ietf.org/html/rfc2246#section-9

9. Mandatory Cipher Suites

   In the absence of an application profile standard specifying
   otherwise, a TLS compliant application MUST implement the cipher
   suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.

Since many users enable just HIGH ciphers, they must not exclude the MTI
ciphers.

-- 
	Viktor.
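
A check for the point made in the message above, as an added example that is not part of the original post: it reports which of the mandatory-to-implement suites from the three quoted RFC sections are absent from a cipher list. The OpenSSL cipher names in the mapping, the TLS version labels, the helper names and the sample list are assumptions of this example; `expand()` asks the local OpenSSL build what a cipher string such as `HIGH` selects, so that part of the output varies by version.

```python
import ssl

# Mandatory-to-implement suite per TLS version, taken from the RFC sections
# quoted in the post, mapped to OpenSSL cipher names (assumed mapping; both
# spellings of the DSS suite are accepted because OpenSSL renamed EDH-* to DHE-*).
MTI = {
    "TLS 1.0 (RFC 2246)": ("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
                           {"DHE-DSS-DES-CBC3-SHA", "EDH-DSS-DES-CBC3-SHA"}),
    "TLS 1.1 (RFC 4346)": ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", {"DES-CBC3-SHA"}),
    "TLS 1.2 (RFC 5246)": ("TLS_RSA_WITH_AES_128_CBC_SHA", {"AES128-SHA"}),
}


def expand(cipher_string):
    """Expand a cipher string with the local OpenSSL; [] if it selects nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def missing_mti(cipher_names):
    """Return {tls_version: suite} for every MTI suite absent from cipher_names."""
    enabled = set(cipher_names)
    return {version: suite
            for version, (suite, openssl_names) in MTI.items()
            if not (openssl_names & enabled)}


# Constructed sample: a cipher list that keeps AES but drops every 3DES suite.
SAMPLE_NO_3DES = ["ECDHE-RSA-AES256-GCM-SHA384", "AES256-SHA", "AES128-SHA"]

if __name__ == "__main__":
    for label, names in (("constructed sample", SAMPLE_NO_3DES),
                         ("local OpenSSL 'HIGH'", expand("HIGH"))):
        print(label, "->", missing_mti(names) or "all MTI suites present")
```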


