On Wed, May 20, 2015 at 11:31:00PM +0200, Kurt Roeckx wrote: > On Wed, May 20, 2015 at 08:58:54PM +0000, mancha wrote: > > On Wed, May 20, 2015 at 07:17:43PM +0200, Kurt Roeckx wrote: > > > On Wed, May 20, 2015 at 07:11:42AM +0000, mancha wrote: > > > > Hello. > > > > > > > > Given Adrien et al. recent paper [1] together with their > > > > proof-of-concept attacks against 512-bit DH groups [2], it might > > > > be a good time to resurrect a discussion Daniel Kahn Gillmor has > > > > started here in the past. > > > > > > Please see > > > http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ > > > > > > > > > Kurt > > > > Hi Kurt. Thanks for the link and congrats to EK for a well-written > > blog. > > > > A few questions... > > > > 1. On ECC: > > > > Did I correctly understand that starting with 1.0.2b, OpenSSL > > clients will only include secp256r1, secp384r1, and secp521r1 on the > > prime side and sect283k1, sect283r1, sect409k1, sect409r1, > > sect571k1, sect571r1 on the binary side in supported elliptic curves > > extensions? > > It also has the 3 brainpool curves and secp256k1.
Yep, forgot about the addition of brainpool curves in 1.0.2. > > Will OpenSSL consider making this change in 1.0.1 as well? > > 1.0.1 doesn't support the auto ecdh, so we at least can't do exactly > the same there. But maybe we should also update the default used by > the client? The following pull request for 1.0.1-stable removes elliptic curves that provide less than the equivalent of 128 bits of symmetric key security from the list clients announce via supported elliptic curves extensions. https://github.com/openssl/openssl/pull/288 --mancha
pgpwM1VYrPaan.pgp
Description: PGP signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev