On 2014-01-26 12:07:52 [+0100], Kurt Roeckx wrote:
> > An acceptable default would be HIGH:MEDIUM:!aNULL:!eNULL:!MD5.
>
> Even that will not be good enough for some people, but it would
> clearly be better than the current defaults.
>
> I guess the problem with changing the default is that nobody is
> using the default because it doesn't make any sense, so the impact
> of changing the default in openssl will be small.
>
> I would also like to point out that the !MD5 there only disables
> RC4-MD5 and RC4 is the weakest part and that there is nothing
> wrong with the use of MD5 like it is there.

RFC6151 kind of deprecates the usage of MD5.

> I also have to disagree with your comment in #736287 about
> IE on XP. It does not support anything that provides 128 bit of
> security. 3DES only has 112 bit, and everybody recommends
> disabling RC4. For the rest it also only supports weak ciphers.

yup, RC4 should go.

> Anyway, I'm open to have the defaults changed in Debian even if
> upstream doesn't want to do it. I wonder if I have to go with the
> bettercrypto.org recommendations in that case and so also disable
> RC4, 3DES and SEED. But I find myself wanting to do GCM only and
> go for their configuration A.

What is wrong with SEED? Just that nobody is using it?
If I grep my logs I see iPhone OS 8_1_1 doing ECDHE-RSA-AES256-SHA384
and some bots doing TLSv1. Everyone else seems to go for GCM.

>
> Kurt

Sebastian
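Added example, not part of this thread: a small Python check of what the proposed string `HIGH:MEDIUM:!aNULL:!eNULL:!MD5` actually enables on the locally linked OpenSSL, flagging the suites the discussion argues about (RC4, 3DES, SEED, MD5). The `GCM_ONLY` string is my own assumption of an AEAD-only selection in the spirit of the bettercrypto.org advice, not the literal text of their configuration A.

```python
import ssl

# Cipher string proposed in the thread as a saner OpenSSL default.
PROPOSED_DEFAULT = "HIGH:MEDIUM:!aNULL:!eNULL:!MD5"
# Assumed AEAD-only alternative ("GCM only"); not taken from bettercrypto.org.
GCM_ONLY = "ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL"

# Name fragments of suites the thread treats as weak or questionable.
WEAK_MARKERS = ("RC4", "DES-CBC3", "3DES", "SEED", "MD5", "NULL", "EXP")


def expand_cipher_string(spec):
    """Suite names the linked OpenSSL enables for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)          # raises ssl.SSLError on an invalid spec
    # get_ciphers() reports what this OpenSSL build would really offer,
    # which depends on its version, build options and security level.
    return [c["name"] for c in ctx.get_ciphers()]


def weak_suites(spec):
    """Enabled suites matching any weak marker (empty list means none)."""
    return [name for name in expand_cipher_string(spec)
            if any(marker in name for marker in WEAK_MARKERS)]


def is_aead_only(spec):
    """True when every enabled suite is GCM or ChaCha20-Poly1305 (AEAD)."""
    names = expand_cipher_string(spec)
    return bool(names) and all("GCM" in n or "CHACHA20" in n for n in names)


if __name__ == "__main__":
    # Shows which of RC4/3DES/SEED survive the proposed default on this build;
    # the "!MD5" part only ever removed the RC4-MD5 suites.
    print("weak suites left by proposed default:", weak_suites(PROPOSED_DEFAULT))
    print("GCM-only string is AEAD only:", is_aead_only(GCM_ONLY))
```

The output differs between OpenSSL builds (for example, 3DES and SEED may or may not still appear), which is exactly why a default should be checked on the version actually deployed.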