On 15/11/15 21:16, Viktor Dukhovni wrote:
> Is the pain worth the gain? I'm inclined to think that dropping
> TLS ciphersuite code points, and assembly support, is a rather
> sensible first step.
I agree with this. I am wary of dropping too much too quickly.
Matt
_
On Sun, Nov 15, 2015 at 09:14:43PM +0100, Richard Levitte wrote:
> openssl-users> If the engine is not automatically loaded, then scripting
> languages
> openssl-users> that provide wrappers around the various algorithms [break],
> as does other
> openssl-users> software that needs the legacy al
In message <20151115170948.ga18...@mournblade.imrryr.org> on Sun, 15 Nov 2015
17:09:48 +, Viktor Dukhovni said:
openssl-users> On Sun, Nov 15, 2015 at 01:11:37PM +0100, Richard Levitte wrote:
openssl-users>
openssl-users> > pl> It is perhaps time to split crypto library in two libraries
ope
On Sun, Nov 15, 2015 at 01:11:37PM +0100, Richard Levitte wrote:
> pl> It is perhaps time to split crypto library in two libraries
> pl> libcryptolegacy and libcryptostrong...
> pl>
> pl> My two cents.
>
> I though could be to make a "legacy" engine that holds the removed
> crypto algos. It cou
On Sun, Nov 15, 2015 at 10:24:02AM +, Loganaden Velvindron wrote:
> Perhaps, it might be worth looking at what LibreSSL has already
> removed without affecting their 3rd party packages ?
There are not many arms-length packages for OpenBSD, the ports are
maintained by the same crowd as the OS.
In message <564846e4.4060...@artisanlogiciel.net> on Sun, 15 Nov 2015 09:48:36
+0100, pl said:
pl> On 14/11/2015 18:32, Viktor Dukhovni wrote:
pl> > The proposed list was:
pl> >
pl> > CAST
pl> > IDEA
pl> > MDC2
pl> > MD2 [ already disabled by default ]
pl> > RC5 [ already dis
On Sun, Nov 15, 2015 at 8:48 AM, pl wrote:
> On 14/11/2015 18:32, Viktor Dukhovni wrote:
>> On Sat, Nov 14, 2015 at 07:32:33AM +, Peter Waltenberg wrote:
>>
>>>I also can't see any point expunging old algorithms from the sources,
>>>making them not build by default should be enough.
>>
Hello!
In the commit 5e3d21fef150f020e2d33439401da8f7e311aa24 you set
the SSL_SSLV3 for the GOST ciphersuites. But the GOST ciphersuites are not
usable with SSLv3, they require TLSv1.
Could you turn the flag back for the GOST ciphersuites?
Thank you!
--
SY, Dmitry Belyavsky
__
On 14/11/2015 18:32, Viktor Dukhovni wrote:
> On Sat, Nov 14, 2015 at 07:32:33AM +, Peter Waltenberg wrote:
>
>>I also can't see any point expunging old algorithms from the sources,
>>making them not build by default should be enough.
> It is difficult enough to maintain code that is ty