[openssl-dev] 3DES is a HIGH-strength cipher?

Phil Pearl ppearl at zimbra.com
Fri Feb 12 21:06:04 UTC 2016


Seconding Uri and Todd's views...

On Feb 12, 2016, at 3:36 PM, Todd Short <tshort at akamai.com> wrote: 
> So, if it’s “mandatory”, then it should be in the default set of
> ciphers, not necessarily the “HIGH” set.
>
> I’m selecting “HIGH” because I want 128-bit+ ciphers, not a cipher
> that has subsequently been found to be weaker than previously
> thought.

I have to agree.  The docs on 'cipher' in no way convey that HIGH has
any correlation to MTI (http://tools.ietf.org/html/rfc5246#section-9).
My interpretation of the I in MTI is that it means "Implement" (an
implementation detail necessary to meet the spec), but per the docs
"HIGH" seems to indicate a choice of strength desired when running the
software and therefore these seem a bit orthogonal.

Is there no hope in softening that stance?

Phil

