[openssl-users] openssl impact on CVE-2015-2808

Jeffrey Walton noloader at gmail.com
Mon Apr 6 18:36:35 UTC 2015


> Please correct me if my understanding is wrong, basically this attack is
> triggered based on the design of RC4.
> openssl is one of the implementers of RC4 algo.
There are biases in the stream created by RC4. In theory, an
adversary could use the biases as a launchpad to recover plain text
(but I seem to recall it needs a lot of cipher text). RC4 has been
wounded again, but it has not been broken.

> I am not sure if there will be any design change or openssl will try to
> disable RC4 support...
Probably not. Just add "!RC4" to your cipher suite list to remove it if
you don't want it. For example, "HIGH:!ADH:!RC4:!MD5".

> But, is disabling RC4 algo usage in the applications which are using openssl
> a better approach? Thanks
In TLS 1.2, you have the AES/GCM cipher suites. You also have the
upcoming ChaCha20/Poly1305 cipher suites. (ChaCha20/Poly1305 is
predicated on the TLS Working Group choosing to adopt them, see
https://www.ietf.org/mail-archive/web/tls/current/msg15722.html).

In TLS 1.1 and below, you only have block ciphers if you remove RC4.
You'll have to make do with AES/CBC (or another block cipher).

Jeff

