Ben Laurie wrote:

> OpenSSL has them disabled by default. But I am torn on this question:
> these new ciphersuites give greater strength than existing ones when
> interopping with export stuff. Is it sensible to refuse to add stronger
> ciphersuites? If it isn't, because they are crap, should we (the OpenSSL
> team) disable _all_ export ciphersuites?

Speaking as a user of OpenSSL... Today I can accept RC4-40 connections on my
servers from export browsers. For many of my applications, this is a
sufficient level of security (I refuse RC4-40 in applications where it is
important). As the export browsers migrate to DES, I want to be able to
accept them. After all, this would be an improvement. If OpenSSL were to
remove support for RC4-40 and DES, I would have to find another solution.
Refusing the connections is just not an option from a business perspective.
There it is.

Now blessing DES and RC4-40 from a standards perspective is another matter.
I will have discussions with the TLS Working Group about whether or not it
is appropriate to continue to include them in the standard. I know people
on this list would probably love to hear me state that I would refuse to
approve new versions if they included them. However for me to make such a
prejudicial statement is probably not appropriate until I have a chance to
have a discussion with the working group itself. You can guess my
sympathies!

                -Jeff
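As an added example (not part of this thread, and not OpenSSL's own code), the per-application stance described above, accept the weak suites where the data does not matter and refuse them where it does, expressed as OpenSSL cipher strings applied through Python's ssl module, with an audit function that reports which suites the library actually enabled rather than which the string asked for. The policy names, the helper functions and the weak-name pattern are this example's own assumptions. On current OpenSSL builds the export suites (RC4-40, DES-40) are compiled out entirely, so the "legacy" policy only shows the shape of the configuration; the audit of the "strict" policy is the part that holds everywhere.

```python
"""Per-application TLS cipher policy with OpenSSL cipher strings.

Added example; the policy names, helper functions and WEAK_PATTERNS are
assumptions made for illustration, not anything from the thread.
"""
import re
import ssl
from typing import List

# Hypothetical application classes and the OpenSSL cipher string each gets.
# "legacy" mirrors "accept whatever the export browser offers" (the library
# decides what that still includes); "strict" mirrors "I refuse RC4-40 in
# applications where it is important". Unknown aliases such as EXPORT on a
# build that no longer has export suites are ignored by the parser.
POLICIES = {
    "legacy": "ALL:!aNULL:!eNULL",
    "strict": "HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!3DES:!MD5",
}

# Cipher-name fragments a practitioner would flag for an important
# application (constructed list for this example).
WEAK_PATTERNS = re.compile(r"EXP|RC4|DES|MD5|NULL")


def build_context(policy: str) -> ssl.SSLContext:
    """Server context with the cipher list of the named policy applied."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # set_ciphers raises ssl.SSLError if the string selects nothing at all,
    # which is the failure mode to catch at startup, not at the first handshake.
    ctx.set_ciphers(POLICIES[policy])
    return ctx


def enabled_cipher_names(ctx: ssl.SSLContext) -> List[str]:
    """Suite names OpenSSL actually enabled for this context."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_ciphers(ctx: ssl.SSLContext) -> List[str]:
    """Enabled suite names that match a weak pattern; empty is the goal."""
    return [n for n in enabled_cipher_names(ctx) if WEAK_PATTERNS.search(n)]


def policy_is_clean(policy: str) -> bool:
    """True when the policy enables at least one suite and no weak ones."""
    ctx = build_context(policy)
    return bool(enabled_cipher_names(ctx)) and not weak_ciphers(ctx)


if __name__ == "__main__":
    for name in POLICIES:
        ctx = build_context(name)
        print(f"{name}: {len(enabled_cipher_names(ctx))} suites enabled, "
              f"weak: {weak_ciphers(ctx) or 'none'}")
```

The audit matters because a cipher string is a request, not a guarantee: what a given build enables for "ALL" depends on how the library was compiled, so the server that claims to refuse RC4-40 should check its own context rather than trust the string it was handed.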

