[openssl-dev] 3DES is a HIGH-strength cipher?

Viktor Dukhovni openssl-users at dukhovni.org
Fri Feb 12 21:26:34 UTC 2016


> On Feb 12, 2016, at 4:06 PM, Phil Pearl <ppearl at zimbra.com> wrote:
> 
> I have to agree.  The docs on 'cipher' in no way convey that HIGH has
> any correlation to MTI (http://tools.ietf.org/html/rfc5246#section-9).
> My interpretation of the I in MTI is "Implement" (an
> implementation detail necessary to meet the spec), but per the docs
> "HIGH" seems to indicate a choice of strength desired when running the
> software and therefore these seem a bit orthogonal.
> 
> Is there no hope in softening that stance?

Well, it would be a major compatibility break for 1.0.2 and earlier, so
no go there.  As for 1.1.0, folks who think that 3DES is realistically
the weakest link in the security of their TLS sessions are quite
misguided.  If you are willing to disable TLS < 1.2, then feel free
to disable 3DES.  Breaking compatibility for everyone else is not a
win.  With TLS 1.3 AEAD is required, and 3DES goes away naturally.

-- 
	Viktor.
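
Added example, not part of the original message or of OpenSSL's own code: one way to apply the suggestion above (refuse TLS < 1.2, then drop 3DES) with Python's ssl module and audit what the local OpenSSL build still enables. The cipher string and the function names are assumptions chosen for illustration.

```python
import ssl

# Assumed cipher string for illustration: "3DES" is OpenSSL's alias for all
# triple-DES suites, "aNULL" covers the unauthenticated ones.
NO_3DES = "HIGH:!3DES:!aNULL"


def is_3des(name):
    """OpenSSL names 3DES suites *DES-CBC3*; IANA-style names use 3DES_EDE."""
    return "DES-CBC3" in name or "3DES" in name


def build_context(cipher_string=NO_3DES):
    """Client context that refuses TLS < 1.2 and applies the cipher string."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    return ctx


def summarize(cipher_string):
    """Report what the linked OpenSSL enables for this cipher string."""
    suites = build_context(cipher_string).get_ciphers()
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "total": len(suites),
        # 3DES suites that survived the cipher string (should be none
        # once "!3DES" is applied).
        "3des": sorted(c["name"] for c in suites if is_3des(c["name"])),
        # AEAD suites, the only kind TLS 1.3 allows.
        "aead": sum(1 for c in suites if c["aead"]),
    }


if __name__ == "__main__":
    # Compare plain HIGH with HIGH minus 3DES; the result depends on the
    # OpenSSL version and build options Python is linked against.
    for cipher_string in ("HIGH:!aNULL", NO_3DES):
        print(cipher_string, summarize(cipher_string))
```

Running it prints both summaries side by side, so the first line shows whether the linked OpenSSL build still places any 3DES suite under HIGH.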


