On Nov 20, 2012, at 12:47 , "Dr. Stephen Henson" <st...@openssl.org> wrote:
> On Tue, Nov 20, 2012, Dr. Stephen Henson wrote: > >> On Fri, Nov 16, 2012, Rainer Canavan wrote: >> >>> >>> Since openssl is part of a product that we ship, would you consider moving >>> RC4-MD5 to the front of the cipher list by default a good idea, or are there >>> drawbacks that I overlooked, or would this even be preferred, since RC4 has >>> been propagated as a mitigating method for the so called BEAST attack? >>> >> >> Whether BEAST is a problem or not depends on your product. I believe (someone >> correct me if I'm wrong) that for BEAST to work an attacker needs to be able >> to adaptively inject plaintext which then gets encrypted using the session >> parameters. If there is no mechanism to do that in your product you aren't >> vulnerable to BEAST at all so using AES in CBC mode is fine. It is possible that our customers use our product in a way that permits plaintext injection (e.g. javascript into am HTTP response transmitted over open WiFi networks). > Just to clarify that: your description implies your product is an SSL/TLS > client which can connect to various servers. > > Do you need to set SSL_OP_ALL in your product? We're using lib curl for the client bit of our products, and that already sets SSL_OP_ALL (minus SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, SSL_OP_NO_TICKET and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS). I've just tested openssl 1.0.1c and 0.9.8x with various options (-DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50, modified cipher order) on all 128 SSL Servers I could find in our logs from yesterday. It turns out that all work flawlessly with openssl 0.9.8, and 12 don't work with 1.0.1c for some combination of those options. Since at most 2 or 3 of the 12 servers work with any combination of the options and different subsets work or fail depending on the options, I've concluded that this is a fruitless endeavour, and our users will just have to manually force SSLv3 or TLSv1 for the affected servers (which works for 100% of the servers even with 1.0.1c). regards, rainer______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
