Do we really want to have the legacy provider as opt-in only?

Benjamin Kaduk kaduk at mit.edu
Fri Jul 19 23:43:35 UTC 2019


On Mon, Jul 15, 2019 at 02:19:22PM +0100, Matt Caswell wrote:
> 
> 
> On 15/07/2019 13:58, Tomas Mraz wrote:
> 
> > 
> > I understand that for the current digest algos implemented in the
> > legacy provider the problem might not be as pressing as these
> > algorithms are not widely used however which other algorithms are going
> > to be moved into the legacy provider?
> 
> My guess is that the ones likely to give us the most problems would be DES, DSA
> and RC4

To add a bit of anecdata, Debian and Fedora are removing DES support from
(MIT) krb5.  So far all we've seen as bug reports are that the kernel may
still have that enctype in its list to use for NFS (as well as other,
still-useful, ones), and so we need to ignore it instead of bailing.
But given that it provides only ca. $20 of protection, it's not especially
surprising that we aren't seeing much using it.

On the other hand, krb5 is not going around and disabling RC4, even though
RFC 8429 is a thing.

-Ben


More information about the openssl-project mailing list