On Fri, Mar 28, 2014 at 05:23:45PM +0000, Tim Hollebeek wrote:

> Windows XP is no longer a supported operating system. If you
> require compatibility with it, use a non-default cipher suite. It
> really is time for RC4-SHA1 to go away.
That's nice, but wishing it does not make it so. There are still many Windows 2003 servers running IIS and Exchange 2007 that only support RC4-SHA1.

Making a deployed system more secure is largely engineering, not mathematics, and there are trade-offs to consider; some naive attempts to increase security weaken it instead. Just because SP-800 lives in a legacy-free utopia of balanced algorithms does not mean that one should follow SP-800 to the letter. In the real world, better security is sometimes attained by not following SP-800 too closely.

Many of these bar-raising exercises run entirely counter to recent efforts at IETF to promote "opportunistic security", where you do the best you can to resist pervasive monitoring, even if it means less strong minimum security (unauthenticated, ...). The primary threat is not pervasive brute-forcing of somewhat tarnished existing crypto; rather, it is the vast majority of traffic that is in the clear. Raising the bar to the point where many applications are not tall enough to take the ride is counter-productive.

TLS negotiates most parameter values to the strongest mutually available (DH prime size a notable exception), and after providing a high-enough ceiling of strong algorithms, one should be cautious about raising the floor.

-- 
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
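The ceiling-versus-floor point in the message above, modelled as an added example (not code from the thread or from OpenSSL): a server-preference negotiation picks the first suite in the server's ordered list that the client also offers, so a weak fallback at the bottom never changes what modern peers get, while dropping it leaves RC4-only peers with no TLS at all. The suite names and client population are constructed for illustration.

```python
# Added example: OpenSSL-style server-preference cipher selection, used to
# compare two policies over a constructed client population.
from typing import Dict, List, Optional


def negotiate(server_prefs: List[str], client_offers: List[str]) -> Optional[str]:
    """Return the first suite in the server's preference order that the client
    also offers; None means no common suite, i.e. the handshake fails."""
    offered = set(client_offers)
    for suite in server_prefs:
        if suite in offered:
            return suite
    return None


def evaluate(server_prefs: List[str], clients: Dict[str, List[str]]) -> Dict[str, Optional[str]]:
    """Map each client name to the suite it would negotiate (or None)."""
    return {name: negotiate(server_prefs, offers) for name, offers in clients.items()}


def failures(outcome: Dict[str, Optional[str]]) -> List[str]:
    """Clients with no common suite: under opportunistic use they fall back to
    cleartext, under mandatory TLS they simply cannot connect."""
    return sorted(name for name, suite in outcome.items() if suite is None)


# Constructed peers: a current client, a mid-2000s client, and a legacy
# peer (the Windows 2003 / Exchange 2007 case) that only speaks RC4-SHA.
CLIENTS = {
    "modern": ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA"],
    "mid-2000s": ["AES128-SHA", "RC4-SHA"],
    "legacy-rc4-only": ["RC4-SHA"],
}

# High ceiling, low floor: strong suites first, RC4-SHA only as a last resort.
PERMISSIVE = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA"]
# Same ceiling, raised floor: RC4-SHA removed entirely.
STRICT = PERMISSIVE[:-1]

if __name__ == "__main__":
    for label, prefs in (("permissive", PERMISSIVE), ("strict", STRICT)):
        outcome = evaluate(prefs, CLIENTS)
        print(f"{label}: {outcome}  no TLS for: {failures(outcome)}")
```

The modern client negotiates the same AEAD suite under both policies; only the legacy peer's outcome changes, from RC4-SHA to nothing.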