Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-15 Thread Matt Caswell
On 15/11/15 21:16, Viktor Dukhovni wrote:
> Is the pain worth the gain? I'm inclined to think that dropping
> TLS ciphersuite code points, and assembly support, is a rather
> sensible first step.
I agree with this. I am wary of dropping too much too quickly.
Matt

Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-15 Thread Viktor Dukhovni
On Sun, Nov 15, 2015 at 09:14:43PM +0100, Richard Levitte wrote: > openssl-users> If the engine is not automatically loaded, then scripting > languages > openssl-users> that provide wrappers around the various algorithms [break], > as does other > openssl-users> software that needs the legacy al

Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-15 Thread Richard Levitte
In message <20151115170948.ga18...@mournblade.imrryr.org> on Sun, 15 Nov 2015 17:09:48 +, Viktor Dukhovni said: openssl-users> On Sun, Nov 15, 2015 at 01:11:37PM +0100, Richard Levitte wrote: openssl-users> openssl-users> > pl> It is perhaps time to split crypto library in two libraries ope

Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-15 Thread Viktor Dukhovni
On Sun, Nov 15, 2015 at 01:11:37PM +0100, Richard Levitte wrote: > pl> It is perhaps time to split crypto library in two libraries > pl> libcryptolegacy and libcryptostrong... > pl> > pl> My two cents. > > I though could be to make a "legacy" engine that holds the removed > crypto algos. It cou

Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-15 Thread Viktor Dukhovni
On Sun, Nov 15, 2015 at 10:24:02AM +, Loganaden Velvindron wrote:
> Perhaps, it might be worth looking at what LibreSSL has already
> removed without affecting their 3rd party packages ?
There are not many arms-length packages for OpenBSD, the ports are maintained by the same crowd as the OS.

Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-15 Thread Richard Levitte
In message <564846e4.4060...@artisanlogiciel.net> on Sun, 15 Nov 2015 09:48:36 +0100, pl said: pl> On 14/11/2015 18:32, Viktor Dukhovni wrote: pl> > The proposed list was: pl> > pl> > CAST pl> > IDEA pl> > MDC2 pl> > MD2 [ already disabled by default ] pl> > RC5 [ already dis

Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-15 Thread Loganaden Velvindron
On Sun, Nov 15, 2015 at 8:48 AM, pl wrote: > On 14/11/2015 18:32, Viktor Dukhovni wrote: >> On Sat, Nov 14, 2015 at 07:32:33AM +, Peter Waltenberg wrote: >> >>>I also can't see any point expunging old algorithms from the sources, >>>making them not build by default should be enough. >>

[openssl-dev] [openssl.org #4141] GOST ciphersuites

2015-11-15 Thread Dmitry Belyavsky via RT
Hello!
In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set the SSL_SSLV3 for the GOST ciphersuites. But the GOST ciphersuites are not usable with SSLv3, they require TLSv1.
Could you turn the flag back for the GOST ciphersuites?
Thank you!
--
SY, Dmitry Belyavsky

Re: [openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

2015-11-15 Thread pl
On 14/11/2015 18:32, Viktor Dukhovni wrote: > On Sat, Nov 14, 2015 at 07:32:33AM +, Peter Waltenberg wrote: > >>I also can't see any point expunging old algorithms from the sources, >>making them not build by default should be enough. > It is difficult enough to maintain code that is ty