[openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

Viktor Dukhovni openssl-users at dukhovni.org
Wed Feb 11 03:49:53 UTC 2015

On Wed, Feb 11, 2015 at 03:30:57AM +0000, Salz, Rich wrote:

> > By all means, don't use it, but it is not OpenSSL's choice to make by breaking
> > the meaning of existing interfaces.
> Except that we've explicitly stated we're breaking things with this new release.
> Those magic cipher keywords are point-in-time statements.  And time has moved on.

Those categories had and continue to have sensible definitions to
which the proposed changes would do unwarranted violence.

It is OK to drop EXPORT ciphers entirely.  It is OK to drop LOW
ciphers entirely.  Nobody is using either.

The deprecation of RC4 is still aspirational, and reclassifying it
as LOW breaks configurations where it is still needed.

It is largely sufficient to drop RC4 from the "DEFAULT" cipherlist,
leaving applications that make more fine-grained choices to make
their own RC4 decisions.

The DEFAULT cipherlist is a point-in-time definition, but EXPORT,
LOW, MEDIUM and HIGH have more precise expected semantics.

Libraries should only break compatibility when there is no choice.
Here there are many alternatives.  Including the "security level"
features already in the master release, which address the issue
more systematically.  This, plus further work on documenting NCONF,
publishing reasonably complete best-practice sample client and
server programs will do a lot more good than needlessly breaking
non-browser opportunistic TLS applications.


More information about the openssl-users mailing list