[openssl-dev] 3DES is a HIGH-strength cipher?
Richard Moore
richmoore44 at gmail.com
Sat Feb 13 00:21:34 UTC 2016
On 13 February 2016 at 00:16, Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:
>
> > On Feb 12, 2016, at 6:55 PM, Richard Moore <richmoore44 at gmail.com>
> wrote:
> >
> > Personally I think the fact that HIGH includes ciphersuites that offer
> no MITM protection means that those who trust it have already been totally
> betrayed.
>
> The correct way to use high-grade ciphers is.
>
> "DEFAULT:!EXPORT:!LOW:!MEDIUM"
>
> The various individual cipherlist building blocks are properly orthogonal,
> and HIGH/MEDIUM/LOW/EXPORT covers only the symmetric algorithm strength.
>
> One can also use it safely via constructs such as "HIGH:!aNULL:!aDSS:!kRSA"
> (if say one also wants to disable DSA and RSA key transport).
>
Yeah, the apache docs didn't say this for /many/ years and it was rejected
when I reported it as a security problem. The docs had been correct I
believe with some older versions of openssl but the more general point is
that users need a setting that doesn't require expertise, a decoder ring or
a secret handshake. I think we need to reach a point where DEFAULT is the
only sensible option for users without extensive expertise and means to
ensure that they don't make things worse by mistake. HIGH currently is a
dangerous option.
Rich.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160213/4c21075c/attachment.html>
More information about the openssl-dev
mailing list