[openssl-users] When ciphers are deprecated?

Mattia Rossi rossimattia92 at gmail.com
Wed Nov 30 10:18:18 UTC 2016


Thanks Matt,

It's all I need!

2016-11-30 10:58 GMT+01:00 Matt Caswell <matt at openssl.org>:
>
>
> On 30/11/16 09:35, Mattia Rossi wrote:
>> Hi all,
>>
>> After updating from 1.0.2h to 1.0.2j some of my PHP scripts are broken,
>> because they can't connect to the server. After some research, the server
>> supports very old TLSv1.0 ciphers.
>>
>> So I checked which ciphers PHP queries for, and with different versions of
>> openssl I get different results. In libssl 1.0.2h I have these
>> ciphers:
>> - EDH-RSA-DES-CBC3-SHA
>> - DES-CBC3-SHA
>>
>> In the latest version I don't.
>>
>> Where is the information on when ciphers are dropped, and why?
>
> These ciphers have not been dropped in 1.0.2, but reclassified from the
> "HIGH" cipherstring keyword to the "MEDIUM" cipherstring keyword. Major
> changes such as these are normally described in the CHANGES file:
>
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/CHANGES
>
> In this case, the following entry is relevant:
>
>
>   *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
>      HIGH to MEDIUM.
>
>      This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
>      Leurent (INRIA)
>      (CVE-2016-2183)
>      [Rich Salz]
>
>
> You can read more about SWEET32 here:
>
> https://www.openssl.org/blog/blog/2016/08/24/sweet32/
>
> Matt
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
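
To see locally what the reply describes, the following added example (not part of the thread) lists which cipherstring keywords still select the 3DES suites in the OpenSSL build your runtime is linked against. It uses Python's standard `ssl` module; the function names are illustrative, and a build compiled without 3DES reports no suites for every keyword.

```python
import ssl


def selected_suites(cipher_string):
    """Return the TLS 1.2-and-earlier suites the linked OpenSSL selects for
    an OpenSSL cipherstring, as get_ciphers() dicts. Empty if none match."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL rejects a cipherstring that selects no suite at all.
        return []
    # TLS 1.3 suites are configured separately and are always listed; skip them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def triple_des_suites(cipher_string):
    """Names of the 3DES suites a cipherstring would enable in this build."""
    return sorted(
        c["name"]
        for c in selected_suites(cipher_string)
        if "Enc=3DES" in c["description"]  # field from SSL_CIPHER_description()
    )


def keyword_report(keywords=("HIGH", "MEDIUM", "3DES")):
    """Map each cipherstring keyword to the 3DES suites it selects."""
    return {kw: triple_des_suites(kw) for kw in keywords}


if __name__ == "__main__":
    print("Linked against:", ssl.OPENSSL_VERSION)
    for kw, names in keyword_report().items():
        print(f"{kw:7} -> {', '.join(names) or 'no 3DES suites'}")
```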

