----- Original Message -----
> From: "John Foley" <fol...@cisco.com>
> To: openssl-dev@openssl.org
> Sent: Friday, May 2, 2014 3:58:37 PM
> Subject: Re: [openssl.org #3336] 1.0.1g breaks IronPORT SMTP appliance
> (padding extension)
>
> How prevalent is RC4 today? While web browsers still advertise RC4
> cipher suites, how often do you see RC4 cipher suites advertised by the
> client and no AES or 3DES suites advertised? Does Akamai have any data
> on this? Maybe RC4 should now be disabled by default.
After scanning Alexa top 1 million sites (as a semi-representative sample)
the stats look like this:

RC4 Supported             268298  87.8859%
RC4 Only                  5418    1.7748%
RC4 Preferred             59552   19.5073%
RC4 preferred in TLS1.1+  31737   10.396%

> On 05/02/2014 09:49 AM, Salz, Rich wrote:
> >> Steve, have you considered trimming the DEFAULT cipher list?
> >> It's currently...
> >> #define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
> >> I wonder how many of these ciphers are actually ever negotiated in
> >> real-world use.
> > I'm forwarding a bit of internal discussion; hope it's useful. This is
> > from one of our chief info-sec people:
> > My weak opinion is that cipher brokenness is most important (so put 3DES
> > and RC4 last, and the AEAD modes ahead of the MAC-then-encrypt modes),

RC4 is broken, 3DES is just weak (as weak as 2048 bit RSA), you shouldn't put
RC4 before 3DES

> > followed by hash strength, followed by PFS presence, followed by SHA and

It could be argued that even MD5 is secure when used as PRF or HMAC.
SHA-1 when used as a PRF or HMAC has a higher security margin than AES-128.

See http://openssl.6102.n7.nabble.com/Insecure-DEFAULT-cipher-set-td48995.html
for in-depth discussion.

> > AES bit length.
> > I think that would give us:
> >
> > ECDHE-ECDSA-AES256-GCM-SHA384
> > ECDHE-ECDSA-AES256-GCM-SHA256
> > ECDHE-ECDSA-AES128-GCM-SHA256
> > ECDHE-RSA-AES256-GCM-SHA384
> > ECDHE-RSA-AES128-GCM-SHA256
> > AES256-GCM-SHA384
> > AES128-GCM-SHA256
> > ECDHE-ECDSA-AES256-SHA384
> > ECDHE-ECDSA-AES256-SHA256
> > ECDHE-ECDSA-AES128-SHA256
> > ECDHE-RSA-AES256-SHA384
> > ECDHE-RSA-AES128-SHA256
> > AES256-SHA256
> > AES128-SHA256
> > AES128-SHA
> > RC4-SHA
> > DES-CBC3-SHA
> >
> > --
> > Principal Security Engineer
> > Akamai Technologies, Cambridge, MA
> > IM: rs...@jabber.me; Twitter: RichSalz
> >
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hka...@redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
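
Added example, not part of the original message or of OpenSSL: a small audit that buckets ordered cipher preference lists into the categories used in the scan statistics above and flags the RC4-ahead-of-3DES ordering objected to in the reply. The label names, the exact category definitions ("preferred" means RC4 ranked first with a non-RC4 alternative available) and the sample servers are assumptions; only PROPOSED_TAIL is copied from the quoted list.

```python
from collections import Counter

def is_rc4(suite):
    # OpenSSL suite names carry the bulk cipher as a dash-separated token.
    return "RC4" in suite.split("-")

def is_3des(suite):
    # OpenSSL names 3DES suites with the DES-CBC3 token.
    return "DES-CBC3" in suite

def classify(prefs):
    """prefs: cipher suites in preference order, most preferred first."""
    labels = set()
    rc4_pos = [i for i, s in enumerate(prefs) if is_rc4(s)]
    if not rc4_pos:
        return labels
    labels.add("rc4_supported")
    if len(rc4_pos) == len(prefs):
        labels.add("rc4_only")          # nothing but RC4 on offer
    elif rc4_pos[0] == 0:
        labels.add("rc4_preferred")     # RC4 first although alternatives exist
    des_pos = [i for i, s in enumerate(prefs) if is_3des(s)]
    if des_pos and rc4_pos[0] < des_pos[-1]:
        labels.add("rc4_before_3des")   # some RC4 suite outranks a 3DES suite
    return labels

def tally(servers):
    """Count how many servers fall into each label."""
    counts = Counter()
    for prefs in servers.values():
        counts.update(classify(prefs))
    return counts

# Last five entries of the ordering proposed in the quoted message.
PROPOSED_TAIL = ["AES256-SHA256", "AES128-SHA256", "AES128-SHA",
                 "RC4-SHA", "DES-CBC3-SHA"]

# Constructed sample data (hypothetical hosts), not scan results.
SAMPLE_SERVERS = {
    "a.example": ["RC4-SHA", "RC4-MD5"],
    "b.example": ["ECDHE-RSA-RC4-SHA", "AES128-SHA", "DES-CBC3-SHA"],
    "c.example": ["AES128-GCM-SHA256", "AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"],
    "d.example": ["AES256-GCM-SHA384", "AES128-SHA"],
}

if __name__ == "__main__":
    print("proposed list tail:", sorted(classify(PROPOSED_TAIL)))
    for label, n in sorted(tally(SAMPLE_SERVERS).items()):
        print(f"{label:16} {n}/{len(SAMPLE_SERVERS)}")
```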