[openssl-users] openssl impact on CVE-2015-2808
noloader at gmail.com
Mon Apr 6 18:36:35 UTC 2015
> Please correct me if my understanding is wrong, basically this attack is
> triggered based on the design of RC4.
> openssl is one of the implementers of RC4 algo.
There are biases in the stream created by RC4. In theory, and
adversary could use the biases to as a launchpad to recover plain text
(but I seem to recall it needs a lot of cipher text). RC4 has been
wounded again, but it has not been broken.
> I am not sure if there will be any design change or openssl will try to
> disable RC4 support...
Probably not. Just add "!RC4" to you cipher suite list to remove it if
you don't want it. For example, "HIGH:!ADH:!RC4:!MD5".
> But, Is disabling RC4 algo usage in the applications which are using openssl
> a better approach? Thanks
In TLS 1.2, you have the AES/GCM cipher suites. You also have the
upcoming ChaCha20/Poly1305 cipher suites. (ChaCha20/Poly1305 is
predicated on the TLS Working Group choosing to adopt them, see
In TLS 1.1 and below, you only have block ciphers if you remove RC4.
You'll have to make due with AES/CBC (or another block cipher).
More information about the openssl-users