Reducing the security bits for MD5 and SHA1 in TLS

Matt Caswell matt at openssl.org
Thu Jun 18 09:11:49 UTC 2020


I will start the OMC vote using the text as previously proposed.

Matt

On 18/06/2020 03:20, Tim Hudson wrote:
> Given that this change impacts interoperability in a major way it should
> be a policy vote of the OMC IMHO.
> 
> Tim.
> 
> 
> On Thu, 18 Jun 2020, 5:57 am Kurt Roeckx, <kurt at roeckx.be
> <mailto:kurt at roeckx.be>> wrote:
> 
>     On Wed, May 27, 2020 at 12:14:13PM +0100, Matt Caswell wrote:
>     > PR 10787 proposed to reduce the number of security bits for MD5
>     and SHA1
>     > in TLS (master branch only, i.e. OpenSSL 3.0):
>     >
>     > https://github.com/openssl/openssl/pull/10787
>     >
>     > This would have the impact of meaning that TLS < 1.2 would not be
>     > available in the default security level of 1. You would have to
>     set the
>     > security level to 0.
>     >
>     > In my mind this feels like the right thing to do. The security bit
>     > calculations should reflect reality, and if that means that TLS <
>     1.2 no
>     > longer meets the policy for security level 1, then that is just the
>     > security level doing its job. However this *is* a significant breaking
>     > change and worthy of discussion. Since OpenSSL 3.0 is a major
>     release it
>     > seems that now is the right time to make such changes.
>     >
>     > IMO it seems appropriate to have an OMC vote on this topic (or
>     should it
>     > be OTC?). Possible wording:
> 
>     So should that be an OMC or OTC vote, or does it not need a vote?
> 
> 
>     Kurt
> 


More information about the openssl-project mailing list