Hanno Böck wrote:
Hello,
I have no particular insight on the prevalence of TLS 1.0/1.1 these
days, but I want to make a more general comment.
My impression of OpenSSL is that it has a strong tendency to ship
"bloat", i.e., features that either barely anyone needs, but that still
get added (remember Heartbeat extension?), or that should've been
deprecated long ago.
If this effort to deprecate old protocols is a sign that this is
changing, I welcome this. I'd recommend to have a look at other things
in the OpenSSL codebase that should be trimmed.
That actually raises another question: what is actually to be gained
from deprecating TLS1.0/1.1? Did the protocol significantly change or
is the only major difference new cipher suites?
In other words, what non-trivial code paths would dropping TLS1.0/1.1
entirely allow removing? (Concatenating SHA1+MD5 is trivial.)
I also think there's probably potential to remove some obsolete
ciphers (DSA?).
While DSA is definitely obsolete (advances in conventional computing
have begun to approach the ability to plausibly solve 1024-bit keys, and
DSA keys *MUST* be 1024-bit, supposedly to facilitate smartcard
implementations), OpenSSL is also a general cryptographic library and
applications can use its primitives for other purposes. In particular,
this means that dropping TLS1.0/1.1 cipher suites does *not* mean you
can drop the ciphers that were used in those suites.
-- Jacob
