[Pkg-openssl-devel] Bug#736687: libssl1.0.0: default cipher list contains insecure ciphers
brian m. carlson
sandals at crustytoothpaste.net
Sun Jan 26 02:25:54 UTC 2014
Package: libssl1.0.0
Version: 1.0.1f-1
Severity: important
Tags: security
The default cipher list for OpenSSL is not secure. It includes
low-strength and export ciphers, which should not be enabled unless
absolutely necessary. Other TLS implementations do not do this, and
neither should OpenSSL. This also forces every user of OpenSSL to
configure sensible defaults instead of doing it in one place.
An acceptable default would be HIGH:MEDIUM:!aNULL:!eNULL:!MD5.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl1.0.0 depends on:
ii cdebconf [debconf-2.0] 0.187
ii debconf [debconf-2.0] 1.5.52
ii libc6 2.17-97
ii multiarch-support 2.17-97
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information excluded
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
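As an added example that is not part of the original report, the following script expands both `DEFAULT` and the proposed string against the local OpenSSL through Python's `ssl` module and flags the classes the report objects to: export-grade, aNULL/eNULL, MD5-based, and low-strength suites. The 112-bit strength threshold and the function names are assumptions made for this example.

```python
import ssl

# The proposed replacement default is quoted from the bug report.
PROPOSED_DEFAULT = "HIGH:MEDIUM:!aNULL:!eNULL:!MD5"
# Assumption for this example: anything below 112 bits (single DES,
# export grades) counts as low-strength.
MIN_STRENGTH_BITS = 112


def expand(cipher_string):
    """Return the suites the local OpenSSL selects for a cipher string.

    Raises ssl.SSLError when nothing matches, which is the same failure a
    server with a mistyped cipher string hits at startup.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()  # list of dicts: name, strength_bits, ...


def weak_ciphers(suites):
    """Return the names of suites that fall into one of the flagged classes."""
    flagged = []
    for suite in suites:
        name = suite["name"]
        if (
            name.startswith("EXP")  # export-grade suites
            or "NULL" in name  # aNULL (anonymous) / eNULL (no encryption)
            or "MD5" in name  # MD5-based MACs
            or suite["strength_bits"] < MIN_STRENGTH_BITS  # LOW-class suites
        ):
            flagged.append(name)
    return flagged


def audit(cipher_string):
    """Report weak suites in a cipher string and what the proposal would drop."""
    selected = expand(cipher_string)
    proposed = {s["name"] for s in expand(PROPOSED_DEFAULT)}
    return {
        "count": len(selected),
        "weak": weak_ciphers(selected),
        "dropped_by_proposal": sorted({s["name"] for s in selected} - proposed),
    }


if __name__ == "__main__":
    for label in ("DEFAULT", PROPOSED_DEFAULT):
        report = audit(label)
        print(f"{label}: {report['count']} suites, weak: {report['weak']}")
        print("  not in proposed default:", report["dropped_by_proposal"])
```

On an OpenSSL newer than the 1.0.1 in this report, `DEFAULT` may already show no weak suites, because later releases dropped the LOW and EXPORT classes entirely; the comparison still shows what the proposed string would exclude on the running build.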