oss-sec mailing list archives

Re: openssl default ciphers

From: Mike <mikedawg () gmail com>
Date: Mon, 4 Nov 2013 11:47:12 -0700

RC4 should absolutely not be included.

RC4 is just as broken, if not broken worse than other cryptographic
algorithms. I recommend you check out Matthew Green's blog:
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

If you search around, you can find similar stories of problems with
RC4 (like this one from Qualys:
https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
 )

Mike

On Mon, Nov 4, 2013 at 11:41 AM, Stefan Bühler <stbuehler () lighttpd net> wrote:

On Mon, 4 Nov 2013 18:49:06 +0100
Hanno Böck <hanno () hboeck de> wrote:

On Mon, 4 Nov 2013 18:16:30 +0100
Stefan Bühler <stbuehler () lighttpd net> wrote:

Is 'DEFAULT@STRENGTH:!LOW:!EXP' (should
be similar to 'HIGH:MEDIUM:!aNULL') a reasonably default?


SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL@STRENGTH
should be fine. There are basically near zero browsers out there that
should have any problems with that. Even dinosaurs like IE6 can work
with this, you don't need "medium" ciphers as long as you don't want
to make a site accessible to browser museums.


There is no difference to HIGH:!aNULL on my system. I don't see why
HIGH:!MEDIUM:!LOW could be not equal to HIGH anyway...

And looking at what medium includes that high doesn't, it seems you
really don't want that ancient cipher suites:
-DHE-RSA-SEED-SHA
-DHE-DSS-SEED-SHA
-SEED-SHA
-IDEA-CBC-SHA
-IDEA-CBC-MD5
-RC2-CBC-MD5
-ECDHE-RSA-RC4-SHA
-ECDHE-ECDSA-RC4-SHA
-ECDH-RSA-RC4-SHA
-ECDH-ECDSA-RC4-SHA
-RC4-SHA
-RC4-MD5
-RC4-MD5
-PSK-RC4-SHA


This is not what I get for "MEDIUM" (debian testing); I see only SEED +
RC4; RC2 is an export cipher; wikipedia has some stuff on IDEA, and it
seems indeed "ancient". SEED might be more relevant (for Korea...), and
RC4 is having a big comeback due to the BEAST attack.

I think due to BEAST a default collection should include RC4; that is
why I included MEDIUM.




-- 
Mike

Current thread:

openssl default ciphers Stefan Bühler (Nov 04)
- Re: openssl default ciphers Daniel Kahn Gillmor (Nov 04)
- Re: openssl default ciphers Eric H. Christensen (Nov 04)
- Re: openssl default ciphers Hanno Böck (Nov 04)
  - Re: openssl default ciphers Russ Allbery (Nov 04)
  - Re: openssl default ciphers Stefan Bühler (Nov 04)
    - Re: openssl default ciphers Mike (Nov 04)
    - Re: openssl default ciphers Eric H. Christensen (Nov 04)
    - Re: openssl default ciphers leToff (Nov 04)
    - Re: openssl default ciphers Stefan Bühler (Nov 05)
- Re: openssl default ciphers Reed Loden (Nov 04)
  - Re: openssl default ciphers Florian Weimer (Nov 05)