Hi,

On Tue, 10 Feb 2015 21:46:46 +0000 Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:

> Changing the definitions of EXPORT, LOW, MEDIUM introduces significant
> compatibility issues for opportunistic TLS (e.g. Postfix) where
> RC4 is still required for interop and is better than cleartext.

Let me add some info that may change the picture of RC4.

From what I understand we talk about the next openssl version, which is likely still many months away. Until then a couple of things will likely happen:

* The IETF has a draft to deprecate and explicitly forbid RC4 which will probably be an RFC by that time [1]
* There are two yet unpublished new attacks on RC4 where only preliminary info is available [2] [3]

So by the time openssl 1.0.3 or 1.1.0 or whatever it'll be called will be released we'll likely have an official document stating that using RC4 violates the standard. And we'll probably have more attacks (of course this point is a bit speculative, because they are not published yet).

If anyone uses an RC4 only configuration then you should tell them to stop doing so. Now.

Another thing people may find interesting: Chromium recently started to declare everything not PFS/AEAD as obsolete crypto. I like that and I hope Google (and others) will take more steps in that direction.

Maybe that'll also change the picture on what should be considered "HIGH". The CBC modes are currently in a state that could be described as "there are some attacks, they're not really that practical and we have some mitigations in place". That's not super-worrying, but it's really not the thing I'd call a "HIGH" security cipher.

[1] https://tools.ietf.org/html/draft-ietf-tls-prohibiting-rc4-01
[2] https://i.imgur.com/0myz7Zm.jpg
[3] https://www.blackhat.com/asia-15/briefings.html#bar-mitzva-attack-breaking-ssl-with-13-year-old-rc4-weakness

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev