oss-sec mailing list archives
Re: openssl default ciphers
From: Mike <mikedawg () gmail com>
Date: Mon, 4 Nov 2013 11:47:12 -0700
RC4 should absolutely not be included. RC4 is just as broken, if not broken worse than other cryptographic algorithms. I recommend you check out Matthew Green's blog: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html If you search around, you can find similar stories of problems with RC4 (like this one from Qualys: https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls ) Mike On Mon, Nov 4, 2013 at 11:41 AM, Stefan Bühler <stbuehler () lighttpd net> wrote:
On Mon, 4 Nov 2013 18:49:06 +0100 Hanno Böck <hanno () hboeck de> wrote:On Mon, 4 Nov 2013 18:16:30 +0100 Stefan Bühler <stbuehler () lighttpd net> wrote:Is 'DEFAULT@STRENGTH:!LOW:!EXP' (should be similar to 'HIGH:MEDIUM:!aNULL') a reasonably default?SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL@STRENGTH should be fine. There are basically near zero browsers out there that should have any problems with that. Even dinosaurs like IE6 can work with this, you don't need "medium" ciphers as long as you don't want to make a site accessible to browser museums.There is no difference to HIGH:!aNULL on my system. I don't see why HIGH:!MEDIUM:!LOW could be not equal to HIGH anyway...And looking at what medium includes that high doesn't, it seems you really don't want that ancient cipher suites: -DHE-RSA-SEED-SHA -DHE-DSS-SEED-SHA -SEED-SHA -IDEA-CBC-SHA -IDEA-CBC-MD5 -RC2-CBC-MD5 -ECDHE-RSA-RC4-SHA -ECDHE-ECDSA-RC4-SHA -ECDH-RSA-RC4-SHA -ECDH-ECDSA-RC4-SHA -RC4-SHA -RC4-MD5 -RC4-MD5 -PSK-RC4-SHAThis is not what I get for "MEDIUM" (debian testing); I see only SEED + RC4; RC2 is an export cipher; wikipedia has some stuff on IDEA, and it seems indeed "ancient". SEED might be more relevant (for Korea...), and RC4 is having a big comeback due to the BEAST attack. I think due to BEAST a default collection should include RC4; that is why I included MEDIUM.
-- Mike
Current thread:
- openssl default ciphers Stefan Bühler (Nov 04)
- Re: openssl default ciphers Daniel Kahn Gillmor (Nov 04)
- Re: openssl default ciphers Eric H. Christensen (Nov 04)
- Re: openssl default ciphers Hanno Böck (Nov 04)
- Re: openssl default ciphers Russ Allbery (Nov 04)
- Re: openssl default ciphers Stefan Bühler (Nov 04)
- Re: openssl default ciphers Mike (Nov 04)
- Re: openssl default ciphers Eric H. Christensen (Nov 04)
- Re: openssl default ciphers leToff (Nov 04)
- Re: openssl default ciphers Stefan Bühler (Nov 05)
- Re: openssl default ciphers Florian Weimer (Nov 05)