On Fri, May 02, 2014 at 09:49:47AM -0400, Salz, Rich wrote: > >Steve, have you considered trimming the DEFAULT cipher list? > >It's currently... > >#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" > > I wonder how many of these ciphers are actually ever negotiated in > > real-world use. > > I'm forwarding a bit of internal discussion; hope it's useful. This is from > one of our chief info-sec people: > My weak opinion is that cipher brokenness is most important (so put 3DES and > RC4 last, and the AEAD modes ahead of the MAC-then-encrypt modes), followed > by hash strength, followed by PFS presence, followed by SHA and AES bit > length. I think that would give us:
As I understand things, RC4 needs to be before 3DES because some exchange servers have broken 3DES and don't support anything else. > ECDHE-ECDSA-AES256-GCM-SHA384 > ECDHE-ECDSA-AES256-GCM-SHA256 I don't this one exists and you meant the next one. > ECDHE-ECDSA-AES128-GCM-SHA256 > ECDHE-RSA-AES256-GCM-SHA384 > ECDHE-RSA-AES128-GCM-SHA256 > AES256-GCM-SHA384 > AES128-GCM-SHA256 > ECDHE-ECDSA-AES256-SHA384 > ECDHE-ECDSA-AES256-SHA256 > ECDHE-ECDSA-AES128-SHA256 > ECDHE-RSA-AES256-SHA384 > ECDHE-RSA-AES128-SHA256 > AES256-SHA256 > AES128-SHA256 > AES128-SHA > RC4-SHA > DES-CBC3-SHA I'm not really a fan of the ECDSA ciphers and would really put RSA in front of ECDSA, or remove them. You could optionally also remove all the AES256 versions. Since it's SMTP, you could also add anonymous ciphers. Anyway, a list of ciphers isn't that useful, the CIPHER_LIST to get the needed ones is probably more useful. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
