[Cryptography] OPENSSL FREAK

Nikos Mavrogiannopoulos nmav at redhat.com
Tue Mar 24 06:26:44 EDT 2015

On Tue, 2015-03-24 at 01:12 +0000, ianG wrote:
> On 23/03/2015 18:11 pm, WebDawg wrote:
> > I had a question that may seem a bit late but:  why are/were the export
> > ciphers still put into a current SSL suite?
> The answer is in parts.
> 1.  In the 1990s it was believed that cipher agility was a good thing. 
> Everyone had the right to propose their own pet algorithm and get it in 
> there.  (Since then, we've figured out this is a very bad idea...)

You answer is twisting facts. The export ciphers were not because
everyone could propose their own pet algorithm. The export ciphers were
part of the core SSL 3.0 specification. Whether the specification
allowed its extension beyond the export ciphers is irrelevant. Actually,
the fact that today we use AES instead of RC4-40 is just because SSL 3.0
had agility.

> 2.  Nobody created a plan, or a protocol, or a ceremony, or anything 
> that actually told us how 1 billion browser users and 1 million server 
> sysadmins would actually ... switch.  So when the time came, the switch 
> couldn't be used, and wasn't relevant.
> 2.b  And of course, there was no plan/process/ceremony/desire to
> any algorithms.

Could you please elaborate what you mean here? Several implementations
switched, and actually disabled the export ciphersuites years ago (in
gnutls we completely removed support for export ciphers in 2013, and
even before it was disabled by default). The reason browsers kept the
export ciphers, is mostly attributed to their strive for 100%
compatibility with any legacy server out there.


More information about the cryptography mailing list