[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Jan 9 03:44:07 UTC 2019
On Wed, Jan 09, 2019 at 03:27:44AM +0000, Jordan Brown wrote:
> > Is there a good reason to want to change or freeze them at this time?
>
> Our products allow the user to enable and disable individual ciphers, to
> allow for both customer policy (e.g. a customer-specific approved-cipher
> list) and for the possibility that one is found to be vulnerable. They
> are "quite safe" today... but what about tomorrow?

The ciphersuites in TLS 1.3 are just the symmetric bulk encryption
algorithms coupled with a PRF (HKDF).
So what you get is AESGCM with SHA2 or CHACHA20 with Poly1305.

Breaks in either would be dramatic advances in cryptanalysis. While
protocol designs are brittle, and public key algorithms are potentially
vulnerable to attack by future universal quantum computers, the
basic building blocks of modern symmetric cryptography are looking
quite robust for the foreseeable future. We're no longer dealing
with 1970's or 1980's designs like DES and RC4.

Yes, they could perhaps be broken, but there's precious little
evidence of that happening any time soon.

You could just provide a free-form emergency string parameter that
users are advised to not change unless some major advance makes it
necessary. At that time, advice can be published as to what the
override setting should be.

--
Viktor.