On Monday 17 August 2015 15:54:03 Viktor Dukhovni wrote: > On Fri, Jul 31, 2015 at 05:37:20PM +0000, Viktor Dukhovni wrote: > > Which ciphers are actually needed by PSK users? My hope is that > > at this point RC4 and 3DES are not. It is highly likely that CBC > > AES-CBC is needed, perhaps also Camellia, but the question is I > > think worth asking. > > So what's the final resolution of this? Should we keep or drop > the new PSK RC4 and PSK 3DES codepoints: > > TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA > TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA
how do you define "remove"? 1. not part of DEFAULT, part of ALL? 2. part of COMPLEMENTOFALL 3. behind compile time option 4. behind #if 0 5. actually removed from source 1-3 are fine by me, 4 I wouldn't like, I'm against 5 > On a related note (for those also reading the TLS WG list), any > thoughts on deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe > ciphers? if "deprecate" means 1) or 2), I'm all for it -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev