[Pkg-openssl-devel] Bug#736687: Bug#736687: libssl1.0.0: default cipher list contains insecure ciphers

Kurt Roeckx kurt at roeckx.be
Sun Jan 26 11:07:52 UTC 2014


On Sun, Jan 26, 2014 at 02:25:54AM +0000, brian m. carlson wrote:
> Package: libssl1.0.0
> Version: 1.0.1f-1
> Severity: important
> Tags: security
> 
> The default cipher list for OpenSSL is not secure.  It includes
> low-strength and export ciphers, which should not be enabled unless
> absolutely necessary.  Other TLS implementations do not do this, and
> neither should OpenSSL.  This also forces every user of OpenSSL to
> configure sensible defaults instead of doing it in one place.
> 
> An acceptable default would be HIGH:MEDIUM:!aNULL:!eNULL:!MD5.

Even that will not be good enough for some people, but it would
clearly be better than the current defaults.

I guess the problem with changing the default is that nobody is
using the default because it doesn't make any sense, so the impact
of changing the default in openssl will be small.

I would also like to point out that the !MD5 there only disables
RC4-MD5 and RC4 is the weakest part and that there is nothing
wrong with the use of MD5 like it is there.

I also have to disagree with your comment in #736287 about
IE on XP.  It does not support anything that provides 128 bit of
security.  3DES only has 112 bit, and everybody recommends
disabling RC4.  For the rest it also only supports weak ciphers.

Anyway, I'm open to have the defaults changed in Debian even if
upstream doesn't want to do it.  I wonder if I have to go with the
bettercrypto.org recommendations in that case and so also disable
RC4, 3DES and SEED.  But I find myself wanting to do GCM only and
go for their configuration A.


Kurt
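
An added example, not part of the original message or of OpenSSL: it audits constructed `openssl ciphers -v` style lines against approximations of the three options discussed above (the proposed string, additionally dropping RC4, 3DES and SEED, and GCM only), and shows that excluding MD5 removes RC4-MD5 while RC4-SHA remains. The function names, policy names and sample lines are assumptions made for illustration.

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v`.
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
"""

LINE = re.compile(
    r"^(\S+)\s+\S+\s+Kx=\S+\s+Au=(\S+)\s+Enc=([^\s(]+)(?:\((\d+)\))?"
    r"\s+Mac=(\S+)(\s+export)?\s*$")

def parse(line):
    # Split one cipher line into the fields audited below.
    m = LINE.match(line)
    if m is None:
        raise ValueError("unrecognised cipher line: %r" % line)
    name, au, enc, bits, mac, export = m.groups()
    return {"name": name, "au": au, "enc": enc, "bits": int(bits or 0),
            "mac": mac, "export": export is not None}

def tags(s):
    # Label a suite with the weaknesses named in the thread.
    checks = {"LOW/EXPORT": s["export"] or 0 < s["bits"] < 128,
              "eNULL": s["enc"] == "None", "aNULL": s["au"] == "None",
              "MD5": s["mac"] == "MD5", "non-GCM": s["enc"] != "AESGCM",
              s["enc"]: s["enc"] in ("RC4", "3DES", "SEED")}
    return {tag for tag, hit in checks.items() if hit}

# Approximations of the three options discussed, not OpenSSL's own matching.
BASE = {"LOW/EXPORT", "eNULL", "aNULL", "MD5"}
POLICIES = {"proposed": BASE,
            "no-rc4-3des-seed": BASE | {"RC4", "3DES", "SEED"},
            "gcm-only": BASE | {"non-GCM"}}

def allowed(text, policy):
    # Names of the suites in `text` that survive the given policy.
    suites = [parse(l) for l in text.splitlines() if l.strip()]
    return [s["name"] for s in suites if not tags(s) & POLICIES[policy]]
```

To audit a real build, pass the output of `openssl ciphers -v` for the cipher string under review as `text`.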