[Pkg-openssl-devel] Bug#778747: Bug#778747: Bug#778747: openssl: RFC 7465 says RC4 is broken, never to be used

Kurt Roeckx kurt at roeckx.be
Sat Feb 21 16:50:26 UTC 2015


On Sat, Feb 21, 2015 at 05:27:42PM +0100, Vincent Bernat wrote:
> 21 February 2015 13:29 +0100, Kurt Roeckx <kurt at roeckx.be>:
> 
> >> > The defaults are good enough, as long as you don't really care
> >> > about PFS because IE doesn't have those at the top of its list.
> >> > If you just change it to prefer the default server ordering you
> >> > should already have a decent list, but it prefers AES256 over
> >> > AES128 while there is no need for that.
> >> 
> >> PFS, performance and A+ note on Qualys SSL test. This may be a bit less
> >> true today since most browsers are now supporting ECDHE ciphers but it
> >> still holds, I think.
> >
> > Do you know what the minimum required changes are to get an
> > A(+)?
> > I'm guessing it requires at least this in wheezy:
> > - SSLProtocol all -SSLv3
> > - SSLHonorCipherOrder off
> >
> > It might require you to disable RC4, but if that's the case we
> > should probably talk to Qualys about it.
> 
> Yes, grade capped to B if accepting RC4. I see two possibilities for
> this choice: either downgrade attacks (when not circumvented), or it
> is considered preferable to use AES or even 3DES (BEAST attack being
> prevented on server-side).

I don't see how you're going to do a downgrade attack to RC4.  Yes
clients like IE will enable RC4 on a fallback.  But if the server
supports something other than RC4 it should still pick that other
thing.


Kurt
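
The selection rule the thread argues about, as an added example that is not part of either message: a simplified Python model of how a server picks a cipher suite with and without SSLHonorCipherOrder. The suite lists are constructed samples using OpenSSL suite names, and `select_cipher` is a hypothetical helper, not OpenSSL or Apache code.

```python
# Added illustration: simplified model of TLS cipher-suite selection.
# All suite lists are constructed samples, not captured handshakes.

def select_cipher(client_offer, server_enabled, honor_server_order):
    """Return the suite the server picks, or None if nothing is shared.

    honor_server_order=True models "SSLHonorCipherOrder on": the server
    walks its own list. False walks the client's list instead.
    """
    if honor_server_order:
        primary, other = server_enabled, client_offer
    else:
        primary, other = client_offer, server_enabled
    allowed = set(other)
    for suite in primary:
        if suite in allowed:
            return suite
    return None  # handshake would fail: no shared suite


def is_rc4(suite):
    return suite is not None and "RC4" in suite


SERVER = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"]
SERVER_NO_RC4 = [s for s in SERVER if not is_rc4(s)]

# Constructed client offers (assumptions for the illustration).
OFFERS = {
    "fallback, RC4 listed last": ["AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"],
    "RC4 listed first": ["RC4-SHA", "AES128-SHA"],
    "RC4 only": ["RC4-SHA"],
}


def report():
    """One row per (client offer, order mode): what each server config picks."""
    rows = []
    for name, offer in OFFERS.items():
        for honor in (False, True):
            rows.append((name, honor,
                         select_cipher(offer, SERVER, honor),
                         select_cipher(offer, SERVER_NO_RC4, honor)))
    return rows


if __name__ == "__main__":
    for name, honor, with_rc4, without_rc4 in report():
        mode = "server order" if honor else "client order"
        print(f"{name:26} {mode:12} RC4 enabled -> {with_rc4}, RC4 disabled -> {without_rc4}")
```

In this model RC4 is negotiated only when the client ranks it first and the server follows client order, or when it is the only suite the client offers; removing RC4 from the server list turns the latter case into a failed handshake.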
