Date: Mon, 4 Nov 2013 11:47:12 -0700 From: Mike <mikedawg@...il.com> To: oss-security@...ts.openwall.com Cc: hanno@...eck.de Subject: Re: openssl default ciphers RC4 should absolutely not be included. RC4 is just as broken, if not broken worse than other cryptographic algorithms. I recommend you check out Matthew Green's blog: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html If you search around, you can find similar stories of problems with RC4 (like this one from Qualys: https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls ) Mike On Mon, Nov 4, 2013 at 11:41 AM, Stefan Bühler <stbuehler@...httpd.net> wrote: > On Mon, 4 Nov 2013 18:49:06 +0100 > Hanno Böck <hanno@...eck.de> wrote: > >> On Mon, 4 Nov 2013 18:16:30 +0100 >> Stefan Bühler <stbuehler@...httpd.net> wrote: >> >> > Is 'DEFAULT@...ENGTH:!LOW:!EXP' (should >> > be similar to 'HIGH:MEDIUM:!aNULL') a reasonably default? >> >> SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL@...ENGTH >> should be fine. There are basically near zero browsers out there that >> should have any problems with that. Even dinosaurs like IE6 can work >> with this, you don't need "medium" ciphers as long as you don't want >> to make a site accessible to browser museums. > > There is no difference to HIGH:!aNULL on my system. I don't see why > HIGH:!MEDIUM:!LOW could be not equal to HIGH anyway... > >> And looking at what medium includes that high doesn't, it seems you >> really don't want that ancient cipher suites: >> -DHE-RSA-SEED-SHA >> -DHE-DSS-SEED-SHA >> -SEED-SHA >> -IDEA-CBC-SHA >> -IDEA-CBC-MD5 >> -RC2-CBC-MD5 >> -ECDHE-RSA-RC4-SHA >> -ECDHE-ECDSA-RC4-SHA >> -ECDH-RSA-RC4-SHA >> -ECDH-ECDSA-RC4-SHA >> -RC4-SHA >> -RC4-MD5 >> -RC4-MD5 >> -PSK-RC4-SHA > > This is not what I get for "MEDIUM" (debian testing); I see only SEED + > RC4; RC2 is an export cipher; wikipedia has some stuff on IDEA, and it > seems indeed "ancient". SEED might be more relevant (for Korea...), and > RC4 is having a big comeback due to the BEAST attack. > > I think due to BEAST a default collection should include RC4; that is > why I included MEDIUM. -- Mike
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.