Date: Mon, 4 Nov 2013 19:41:49 +0100 From: Stefan Bühler <stbuehler@...httpd.net> To: oss-security@...ts.openwall.com Cc: hanno@...eck.de Subject: Re: openssl default ciphers On Mon, 4 Nov 2013 18:49:06 +0100 Hanno Böck <hanno@...eck.de> wrote: > On Mon, 4 Nov 2013 18:16:30 +0100 > Stefan Bühler <stbuehler@...httpd.net> wrote: > > > Is 'DEFAULT@...ENGTH:!LOW:!EXP' (should > > be similar to 'HIGH:MEDIUM:!aNULL') a reasonably default? > > SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL@...ENGTH > should be fine. There are basically near zero browsers out there that > should have any problems with that. Even dinosaurs like IE6 can work > with this, you don't need "medium" ciphers as long as you don't want > to make a site accessible to browser museums. There is no difference to HIGH:!aNULL on my system. I don't see why HIGH:!MEDIUM:!LOW could be not equal to HIGH anyway... > And looking at what medium includes that high doesn't, it seems you > really don't want that ancient cipher suites: > -DHE-RSA-SEED-SHA > -DHE-DSS-SEED-SHA > -SEED-SHA > -IDEA-CBC-SHA > -IDEA-CBC-MD5 > -RC2-CBC-MD5 > -ECDHE-RSA-RC4-SHA > -ECDHE-ECDSA-RC4-SHA > -ECDH-RSA-RC4-SHA > -ECDH-ECDSA-RC4-SHA > -RC4-SHA > -RC4-MD5 > -RC4-MD5 > -PSK-RC4-SHA This is not what I get for "MEDIUM" (debian testing); I see only SEED + RC4; RC2 is an export cipher; wikipedia has some stuff on IDEA, and it seems indeed "ancient". SEED might be more relevant (for Korea...), and RC4 is having a big comeback due to the BEAST attack. I think due to BEAST a default collection should include RC4; that is why I included MEDIUM. Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.