[openssl-users] When ciphers are deprecated?
rossimattia92 at gmail.com
Wed Nov 30 10:18:18 UTC 2016
it's all i need!
2016-11-30 10:58 GMT+01:00 Matt Caswell <matt at openssl.org>:
> On 30/11/16 09:35, Mattia Rossi wrote:
>> Hi all,
>> After updating from 1.0.2h to 1.0.2j some of my PHP script is broken,
>> because it can't connect to the server, after some research the server
>> supports very old TLSv1.0 ciphers.
>> So i check what ciphers PHP query for and with different versions of
>> openssl i get different result, so in libssl 1.0.2h i have these
>> - EDH-RSA-DES-CBC3-SHA
>> - DES-CBC3-SHA
>> In the last version i haven't.
>> Where is the information when ciphers are dropped? and why?
> These ciphers have not been dropped in 1.0.2, but reclassified from the
> "HIGH" cipherstring keyword to the "MEDIUM" cipherstring keyword. Major
> changes such as these are normally described in the CHANGES file:
> In this case, the following entry is relevant:
> *) In order to mitigate the SWEET32 attack, the DES ciphers were moved
> HIGH to MEDIUM.
> This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
> Leurent (INRIA)
> [Rich Salz]
> You can read more about SWEET32 here:
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users