[openssl-users] [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback
emilia at openssl.org
Mon Nov 16 18:51:08 UTC 2015
One more time,
I know that someone, somewhere is probably using any given feature of
OpenSSL. I am looking to gather information about concrete, actively
maintained applications that may be using one of those algorithms, to build
a more complete picture.
If you are aware of a concrete use of MD2 or any of the other algorithms,
please let us know!
On Mon, Nov 16, 2015 at 7:25 PM, Hubert Kario <hkario at redhat.com> wrote:
> On Monday 16 November 2015 16:51:10 Emilia Käsper wrote:
> > IDEA, MD2, MDC2, RC5, RIPEMD, SEED, Whirlpool, binary curves
> > This isn't of course entirely representative of widespread usage.
> > However Google's multi-billion line codebase now builds against
> > BoringSSL and therefore largely does not depend on these algorithms.
> > Those billions of lines aren't all new and shiny code written in
> > 2015, and some of it does have to interoperate with the outside
> > world.
> > And here's the list gone from LibreSSL, from what I can tell:
> > MD2, MDC2, RC5, SEED
> > Neither have removed CAST, and there is presumably a good reason for
> > that. (PGP?)
> > It seems to me that these can pretty safely go:
> > MD2 - (The argument that someone somewhere may want to keep verifying
> > old MD2 signatures on self-signed certs doesn't seem like a
> > compelling enough reason to me. It's been disabled by default since
> > OpenSSL 1.0.0.)
> > MDC2
> > SEED
> > RC5
> > These could probably stay (C only):
> > CAST
> > IDEA
> > RIPEMD (used in Bitcoin?)
> > WHIRLPOOL
> > as well as
> > BLOWFISH
> > MD4
> > RC2
> > I am on the fence about the binary curves: I am not aware of any
> > usage, really, and it's not about to pick up now.
> I'm afraid you're too focused on the TLS/SSL use case. And while it is
> important, it's not the only use case that OpenSSL serves.
> And for what it's worth, I'm very much *for* removing as much (and as
> fast as possible) support for the old junk (or unused stuff - like
> curves < 256 bit) in TLS. Search the archives for "Insecure DEFAULT
> cipher set" for an example.
> But stuff like this:
> > The argument that someone somewhere may want to keep verifying
> > old MD2 signatures on self-signed certs
> is not true. I was talking about document signatures, time stamps, CRL
> signatures and certificate signatures in general. Not the trust anchors
> or their self-signatures.
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic