On 09/09/2014 00:42, Salz, Rich wrote:
> We are considering removing weak cryptography from the value of DEFAULT. That is, append ":!LOW:!EXPORT"
>
> It is currently defined as this in include/openssl/ssl.h:
>     #define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
>
> Please let us know if you have strong objections to this.
In addition to removing the very-weak (less than 70 bits security) ciphers from the default list, this would be a good opportunity to reorder the default list (either via the define, or better via whatever internal priorities guide the interpretation of a similar user-provided list), to maximize security, similar to what is checked e.g. by the online "ssllabs" checker.

Basically: Prefer PFS suites to non-PFS suites (i.e. prefer EDH/ECDH to bare RSA) at each nominal security level (256 bits, 192 bits, 128 bits, ...), also enable 0/n splitting (and/or prefer a stream cipher) for CBC encryption with older TLS protocol versions whenever the send timing makes them otherwise subject to BEAST.

The latter is, by the way, the reason many systems have *recently* been configured to explicitly prefer RC4 as the only unbroken cipher compatible with servers or clients that don't protect against BEAST in other ways.

To protect from the known RC4 repeated-plaintext vulnerability, one might consider adding rate limiting to some SSL/TLS protocol steps whenever RC4 is actually used.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
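
The ordering proposed in the message above, sketched as an added example (not part of the original message and not OpenSSL's own code): it drops suites below the 70-bit threshold the message mentions, then sorts the rest by nominal strength with PFS suites first inside each tier. The sample lines are constructed in the layout of `openssl ciphers -v`; the function names and the use of the `Enc=` bit count as the "nominal security level" are assumptions.

```python
import re

# Constructed sample, in the column layout printed by `openssl ciphers -v`.
SAMPLE = """\
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
"""

MIN_BITS = 70  # threshold taken from the message ("less than 70 bits security")
LINE = re.compile(r"^(\S+)\s+\S+\s+Kx=(\S+)\s+Au=\S+\s+Enc=[^(\s]+\((\d+)\)")

def parse(text):
    """Return (name, key_exchange, enc_bits) for each recognisable line."""
    suites = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            suites.append((m.group(1), m.group(2), int(m.group(3))))
    return suites

def is_pfs(kx):
    # Ephemeral DH/ECDH print as plain "DH"/"ECDH"; fixed-key variants carry a
    # "/RSA" or "/DSS" style suffix and bare RSA prints as "RSA" or "RSA(512)".
    return kx in ("DH", "ECDH")

def reorder(text, min_bits=MIN_BITS):
    """Split into (kept, dropped); kept is sorted strongest tier first,
    PFS before non-PFS inside a tier, original order otherwise."""
    suites = parse(text)
    dropped = [s[0] for s in suites if s[2] < min_bits]
    kept = [s for s in suites if s[2] >= min_bits]
    kept.sort(key=lambda s: (-s[2], not is_pfs(s[1])))  # sort is stable
    return [s[0] for s in kept], dropped

if __name__ == "__main__":
    kept, dropped = reorder(SAMPLE)
    print("preference order:", ":".join(kept))
    print("removed as weak: ", ", ".join(dropped))
```

Feeding it the real output of `openssl ciphers -v 'ALL:!aNULL:!eNULL:!SSLv2'` from the build under review shows which suites the proposed `:!LOW:!EXPORT` suffix would remove and where the current order departs from the PFS-first preference.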
