[openssl-dev] 3DES is a HIGH-strength cipher?
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Feb 13 00:16:38 UTC 2016
> On Feb 12, 2016, at 6:55 PM, Richard Moore <richmoore44 at gmail.com> wrote:
>
> Personally I think the fact that HIGH includes ciphersuites that offer no MITM protection means that those who trust it have already been totally betrayed.
The correct way to use high-grade ciphers is.
"DEFAULT:!EXPORT:!LOW:!MEDIUM"
The various individual cipherlist building blocks are properly orthogonal,
and HIGH/MEDIUM/LOW/EXPORT covers only the symmetric algorithm strength.
One can also use it safely via constructs such as "HIGH:!aNULL:!aDSS:!kRSA"
(if say one also wants to disable DSA and RSA key transport).
--
--
Viktor.
More information about the openssl-dev
mailing list