[Cryptography] OpenSSL minimal "safe" configuration?

Ray Dillinger bear at sonic.net
Wed Jan 13 17:20:09 EST 2016



On 01/11/2016 03:19 PM, Peter Gutmann wrote:
> Henry Baker <hbaker1 at pipeline.com> writes:
> 
>> I was trying to build OpenSSL with a minimal, "safe" configuration.
>>
>> By "safe", I mean using the latest/best algorithms, and *deleting* all the
>> known-to-be-unsafe algorithms.
>>
>> However, I can't seem to build OpenSSL w/o DES, w/o MD5, etc.
> 
> MD5 is required for TLS before 1.2 (it uses a dual-hash, MD5 || SHA1), and DES
> is required for 3DES.  Getting rid of those will disable a whole pile of
> crypto functionality.

I would argue that MD5, single-DES, and export-grade crypto are
so poisonous at this point that anything depending on them needs
to be terminated with extreme prejudice.  If it's required for
TLS versions before 1.2, that is an indication that compatibility
with TLS versions before 1.2 must be dropped like a hot rock.

If you want to make a fork named InsecureSSL that supports that stuff
for backward compatibility, that would be fine. But it shouldn't
be in the same tool people are using for secure operations.

I support Henry in his goal and would vastly prefer an OpenSSL that
flatly refused to use known insecure algorithms.

				Bear
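
Added example, not part of the original message and not OpenSSL project code: the thread is about removing algorithms at build time, and this sketch shows the run-time counterpart an application can apply to whatever OpenSSL it is linked against, refusing TLS before 1.2 and then auditing the enabled suites for the algorithms named above. The cipher string and the function names `strict_context`, `classify` and `audit` are assumptions chosen for illustration.

```python
import ssl

# Tokens that appear in OpenSSL cipher-suite names for the algorithms
# named in the thread (mapping chosen for this example).
BANNED = {"MD5": "MD5 MAC", "DES": "single DES", "EXP": "export-grade"}


def classify(name):
    """Return the reasons a suite name is unacceptable (empty list if none)."""
    tokens = name.replace("_", "-").split("-")
    reasons = [why for tok, why in BANNED.items() if tok in tokens]
    # "DES-CBC3-SHA" is 3DES, which is built on the DES primitive.
    if "CBC3" in tokens:
        reasons = ["3DES (built on DES)" if r == "single DES" else r
                   for r in reasons]
    return reasons


def strict_context():
    """Client context that will not negotiate anything below TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Assumed allow-list: forward-secret AEAD suites only. TLS 1.3 suites
    # are configured separately by OpenSSL and remain enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL")
    return ctx


def audit(ctx):
    """Map each enabled suite that trips the ban list to its reasons."""
    findings = {}
    for suite in ctx.get_ciphers():
        reasons = classify(suite["name"])
        if reasons:
            findings[suite["name"]] = reasons
    return findings


if __name__ == "__main__":
    ctx = strict_context()
    print(ssl.OPENSSL_VERSION, "minimum:", ctx.minimum_version.name)
    print("banned suites still enabled:", audit(ctx) or "none")
    # Constructed legacy suite names, to show what the audit would flag.
    for legacy in ("EXP-RC4-MD5", "DES-CBC-SHA", "DES-CBC3-SHA"):
        print(legacy, "->", classify(legacy))
```

Running `audit()` against a context built with the library defaults instead of `strict_context()` shows what a given OpenSSL build would still offer without the allow-list.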


