> as long as OpenSSL ships support for single DES by default, giving those
> ciphers the treatment 4 is... inconsistent... to put it mildly.
It depends on how you look at it.
We have to move very slowly (more slowly than I would like!!) to removing
things that are in the shipped software. But w
On Wed, Aug 19, 2015 at 02:59:59PM +0200, Hubert Kario wrote:
> > > > So what's the final resolution of this? Should we keep or drop
> > > >
> > > > the new PSK RC4 and PSK 3DES codepoints:
> > > > TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
> > > > TLS_RSA_PSK_WITH_3DES_ED
On Tuesday 18 August 2015 17:02:24 Viktor Dukhovni wrote:
> On Tue, Aug 18, 2015 at 06:48:25PM +0200, Hubert Kario wrote:
> > > So what's the final resolution of this? Should we keep or drop
> > >
> > > the new PSK RC4 and PSK 3DES codepoints:
> > > TLS_RSA_PSK_WITH_RC4_128_SHA R
> These are brand new cipher suites, never before seen in OpenSSL.
> The argument is that it makes no sense to *add* these, because they're
> already obsolete. So I was hoping for 4 or 5.
Strongly agree.
> We can lose a bunch of code and attack surface by not supporting fixed
> (EC)DH. Does thi
On Tue, Aug 18, 2015 at 06:48:25PM +0200, Hubert Kario wrote:
> > So what's the final resolution of this? Should we keep or drop
> > the new PSK RC4 and PSK 3DES codepoints:
> >
> > TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
> > TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RS
On Monday 17 August 2015 15:54:03 Viktor Dukhovni wrote:
> On Fri, Jul 31, 2015 at 05:37:20PM +, Viktor Dukhovni wrote:
> > Which ciphers are actually needed by PSK users? My hope is that
> > at this point RC4 and 3DES are not. It is highly likely that CBC
> > AES-CBC is needed, perhaps also
> TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
> TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-
> SHA
Remove.
> On a related note (for those also reading the TLS WG list), any thoughts on
> deprecating any or all of the kDHr, kDHd, kECDHr, kECDHe ciphers?
R
On Fri, Jul 31, 2015 at 05:37:20PM +, Viktor Dukhovni wrote:
> Which ciphers are actually needed by PSK users? My hope is that
> at this point RC4 and 3DES are not. It is highly likely that CBC
> AES-CBC is needed, perhaps also Camellia, but the question is I
> think worth asking.
So what's
On Fri, Jul 31, 2015 at 07:24:15PM +0200, Hubert Kario wrote:
> > Question, should we really be adding new RC4 or new 3DES ciphersuites?
> > Both ciphers are rather obsolete now. And we even have an RFC that
> > "bans" RC4. While I have been known to resist potentially premature
> > removal of *
On Thursday 30 July 2015 15:09:18 Viktor Dukhovni wrote:
> On Sun, Jun 21, 2015 at 07:00:55PM +, Giuseppe D'Angelo via RT wrote:
> > diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
> > index c2d40ac..7fbe3a4 100644
> > --- a/doc/apps/ciphers.pod
> > +++ b/doc/apps/ciphers.pod
> > @@ -5
> Therefore, I would to propose that the 3DES and RC4 PSK ciphersuites not be
> included.
>
> I am not even sure that adding Camellia is a net win, ideally AES and
> (soonish)
> ChaCha20 are enough.
>
> One might similarly question the longevity of the new CBC suites, TLS 1.3 is
> moving to AEA
On Sun, Jun 21, 2015 at 07:00:55PM +, Giuseppe D'Angelo via RT wrote:
> diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
> index c2d40ac..7fbe3a4 100644
> --- a/doc/apps/ciphers.pod
> +++ b/doc/apps/ciphers.pod
> @@ -585,10 +585,22 @@ Note: these ciphers can also be used in SSL v3.
>
Yet another version after some refactorings that landed in master.
Please, pretty please, with sugar on top, could anyone review this code
so that it can get merged?
It's becoming a difficult exercise to keep track of upstream changes and
adapt the patch every single time...
Cheers,
--
Giusep
New version of the patch, targeting master.
It's basically style changes after the massive OpenSSL refactoring.
Thanks,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Software Engineer
KDAB (UK) Ltd., a KDAB Group company
Tel. UK +44-1738-450410, Sweden (HQ) +46-563-540090
KDAB - Qt Experts
14 matches
Mail list logo