[Cryptography] OpenSSL minimal "safe" configuration?

[Henry Baker]

At 04:14 PM 1/13/2016, Ray Dillinger wrote:
>On 01/13/2016 03:16 PM, Viktor Dukhovni wrote:
>>
>> For the rest of the world, being able to communicate trumps all other
>> concerns, and if security breaks communication, security will be turned
>> off, not communication.
>
>That may be, but can't people actually be required to consciously
>*turn* it off?
>
>If someone really wants to be compatible with an insecure old product,
>I have no problem with them being able to go and change the calls to
>"OpenSSL" in their scripts into calls to "InsecureSSL" and move
>"InsecureSSL" into their $PATH where scripts can invoke it.  That is
>a conscious decision to turn off security.
>
>But I really, really object to the idea that being compatible with
>insecure crap should be the *DEFAULT* configuration, or that scripts
>invoking insecure operations in OpenSSL should continue to work after
>those operations are discovered to be insecure.

If I were more paranoid, I'd think that Nessa was behind the
calls for "backward compatibility".  After all, they have a
*huge* investment in legacy protocol hacks, so it's in their
interest to keep people using these insecure protocols as
long as possible.  Furthermore, even when those legacy
protocols are turned off *by default*, the code still
remains for active hacking -- e.g., ROP programming using
this old code as a larger attack surface.