Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Nov 2013 11:47:12 -0700
From: Mike <mikedawg@...il.com>
To: oss-security@...ts.openwall.com
Cc: hanno@...eck.de
Subject: Re: openssl default ciphers

RC4 should absolutely not be included.

RC4 is just as broken, if not broken worse than other cryptographic
algorithms. I recommend you check out Matthew Green's blog:
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

If you search around, you can find similar stories of problems with
RC4 (like this one from Qualys:
https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
 )

Mike

On Mon, Nov 4, 2013 at 11:41 AM, Stefan Bühler <stbuehler@...httpd.net> wrote:
> On Mon, 4 Nov 2013 18:49:06 +0100
> Hanno Böck <hanno@...eck.de> wrote:
>
>> On Mon, 4 Nov 2013 18:16:30 +0100
>> Stefan Bühler <stbuehler@...httpd.net> wrote:
>>
>> > Is 'DEFAULT@...ENGTH:!LOW:!EXP' (should
>> > be similar to 'HIGH:MEDIUM:!aNULL') a reasonably default?
>>
>> SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL@...ENGTH
>> should be fine. There are basically near zero browsers out there that
>> should have any problems with that. Even dinosaurs like IE6 can work
>> with this, you don't need "medium" ciphers as long as you don't want
>> to make a site accessible to browser museums.
>
> There is no difference to HIGH:!aNULL on my system. I don't see why
> HIGH:!MEDIUM:!LOW could be not equal to HIGH anyway...
>
>> And looking at what medium includes that high doesn't, it seems you
>> really don't want that ancient cipher suites:
>> -DHE-RSA-SEED-SHA
>> -DHE-DSS-SEED-SHA
>> -SEED-SHA
>> -IDEA-CBC-SHA
>> -IDEA-CBC-MD5
>> -RC2-CBC-MD5
>> -ECDHE-RSA-RC4-SHA
>> -ECDHE-ECDSA-RC4-SHA
>> -ECDH-RSA-RC4-SHA
>> -ECDH-ECDSA-RC4-SHA
>> -RC4-SHA
>> -RC4-MD5
>> -RC4-MD5
>> -PSK-RC4-SHA
>
> This is not what I get for "MEDIUM" (debian testing); I see only SEED +
> RC4; RC2 is an export cipher; wikipedia has some stuff on IDEA, and it
> seems indeed "ancient". SEED might be more relevant (for Korea...), and
> RC4 is having a big comeback due to the BEAST attack.
>
> I think due to BEAST a default collection should include RC4; that is
> why I included MEDIUM.



-- 
Mike

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.