On Thu, Nov 07, 2013, Salz, Rich wrote: > I think a better way to do this would be to have a config param that set the > minimum acceptable size. I.e., a #define >
I think the best option is to have a compile time default with a runtime override for this and other related issues. The idea being that an application wont by accident use weak parameters but if (for whatever reason) it really wants to it can override this. I hope to look at adding a more comprehensive set of checks for other issues with an appropriate API to support it. In general we could exclude anything with less than (say) 80 bits security strength by default with the overrides mentioned above. That would cover both attempts to configure such parameters (e.g. server gets an error when an attempt is made to configure weak parameters) and attempts to use them (client receives weak parameters from a server). I'd be interested in suggestions for "other related issues", for example: 1. Keys in certificate chains. For example 512 bit RSA keys. Again best a client can do is to reject them. 2. Use of weak ciphersuites. Does anyone still want/need export ciphersuites? For this we could not include weak ciphersuites in ClientHello on the client side and the server not pick them if a client indicates support. 3. Use of algorithms with known security weaknesses: for example MD5 in certificates. We already exclude MD2. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
