[openssl-users] How to disable all EXPORT Ciphers?

Dave Thompson dthompson at prinpay.com
Tue Mar 10 21:07:47 UTC 2015

> From: openssl-users On Behalf Of Viktor Dukhovni
> Sent: Monday, March 09, 2015 12:47

> On Mon, Mar 09, 2015 at 02:23:53PM +0530, Deepak wrote:
> > with SSL_CTX_set_cipher_list() be good enough to disable EXPORT40, 56
> and 1024?
You only need worry about the original exports retronymed EXPORT40.
EXPORT56 was a draft RFC that was not adopted, and the SSL_CIPHER 
blocks still in source are disabled by a macro hardcoded in tls1.h (q.v.).
"EXP1024-blah" would be the names of the nonexistent EXPORT56 ciphers.

> Note that doing so does not address the FREAK CVE in SSL clients.  Even
> with EXPORT ciphers disabled they are still vulnerable, unless patched!

> As for your proposed cipherlist it is too exotic.
>     * ALL:!ADH is simply DEFAULT.  DEFAULT already prefers PFS (including
>       ECDHE) and is sorted by strength.
For 1.0.0+ DEFAULT is ALL:!aNULL:!eNULL:!SSLv2; !aNULL disables both 
ADH and AECDH. (0.9.8 excludes all ECC, including AECDH, unless ECCdraft.)
!eNULL actually has no effect because ALL already excludes it; if you want 
eNULL (you shouldn't) you need the absurd-looking COMPLEMENTOFALL.

>     * DES is a subset of LOW
In fact DES is the only algorithm in LOW. (In math a set is a subset of
and also a superset of itself but laypeople often don't expect that.)

>     * I would also disable SSLv2, which is a subset of MD5, so I generally
>       disable that instead which also drops the SSLv3's RC4-MD5 leaving
>       for interop.  Note for many applications RC4 is no longer supposed
to be
>       used, consider whether disabling RC4 is appropriate for you.
And disabling SSLv2 *ciphers* has the good effect of disabling SSLv2
even if old or poor code calls SSLv23 and doesn't explicitly OP_NO_SSLv2. 

> Therefore, I'd suggest:
> Which keeps things simple by starting with DEFAULT and removing
> what you want to disable.

More information about the openssl-users mailing list