> On Feb 12, 2016, at 4:06 PM, Phil Pearl <[email protected]> wrote:
> 
> I have to agree.  The docs on 'cipher' in no way convey that HIGH has
> any correlation to MTI (http://tools.ietf.org/html/rfc5246#section-9).
> My interpretation of the I in MTI is "Implement" (an
> implementation detail necessary to meet the spec), but per the docs
> "HIGH" seems to indicate a choice of strength desired when running the
> software and therefore these seem a bit orthogonal.
> 
> Is there no hope in softening that stance?

Well, it would be a major compatibility break for 1.0.2 and earlier, so
no go there.  As for 1.1.0, folks who think that 3DES is realistically
the weakest link in the security of their TLS sessions are quite
misguided.  If you are willing to disable TLS < 1.2, then feel free
to disable 3DES.  Breaking compatibility for everyone else is not a
win.  With TLS 1.3 AEAD is required, and 3DES goes away naturally.

-- 
        Viktor.

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
