[openssl-dev] 3DES is a HIGH-strength cipher?
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Feb 12 20:36:36 UTC 2016
> On Feb 12, 2016, at 3:15 PM, Salz, Rich <rsalz at akamai.com> wrote:
>
> So is RC4 and we don't see that as HIGH. HIGH implies strength, not MTI-ness.

Now let's not make stuff up:

http://tools.ietf.org/html/rfc5246#section-9

    9. Mandatory Cipher Suites

    In the absence of an application profile standard specifying
    otherwise, a TLS-compliant application MUST implement the cipher
    suite TLS_RSA_WITH_AES_128_CBC_SHA (see Appendix A.5 for the
    definition).

http://tools.ietf.org/html/rfc4346#section-9

    9. Mandatory Cipher Suites

    In the absence of an application profile standard specifying
    otherwise, a TLS compliant application MUST implement the cipher
    suite TLS_RSA_WITH_3DES_EDE_CBC_SHA.

http://tools.ietf.org/html/rfc2246#section-9

    9. Mandatory Cipher Suites

    In the absence of an application profile standard specifying
    otherwise, a TLS compliant application MUST implement the cipher
    suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.

Since many users enable just HIGH ciphers, they must not exclude the MTI
ciphers.

--
Viktor.
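
Added example, not part of the original message: a check of whether a cipher string such as HIGH still selects the mandatory-to-implement suites quoted above, using whatever OpenSSL build Python's ssl module is linked against. The OpenSSL-style suite names and the function names are this example's assumptions, and the output depends on the OpenSSL version and its build options.

```python
import ssl

# MTI suites from the three RFC sections quoted in the message. The
# OpenSSL-style names are this example's mapping (an assumption, not from
# the message); older OpenSSL builds spell the DHE-DSS suite "EDH-...".
MTI_SUITES = {
    "RFC 2246": ("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
                 {"DHE-DSS-DES-CBC3-SHA", "EDH-DSS-DES-CBC3-SHA"}),
    "RFC 4346": ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", {"DES-CBC3-SHA"}),
    "RFC 5246": ("TLS_RSA_WITH_AES_128_CBC_SHA", {"AES128-SHA"}),
}


def expand_cipher_string(cipher_string):
    """Names the linked OpenSSL build selects for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # the string selects nothing in this build
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def missing_mti(enabled_names):
    """Return {rfc: IANA suite name} for every MTI suite not enabled."""
    enabled = set(enabled_names)
    return {rfc: iana
            for rfc, (iana, openssl_names) in MTI_SUITES.items()
            if not openssl_names & enabled}


def audit(cipher_string):
    """MTI suites that the given cipher string leaves out in this build."""
    return missing_mti(expand_cipher_string(cipher_string))


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for spec in ("HIGH", "HIGH:!3DES"):
        gaps = audit(spec)
        print(spec, "->", gaps if gaps else "all three MTI suites enabled")
```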