[Pkg-openssl-devel] Bug#779669: Bug#779669: OpenSSL: consider completely disabling EXPORT cipher suites

Török Edwin edwin at etorok.net
Wed Mar 4 15:51:55 UTC 2015


On 03/04/2015 05:40 PM, Kurt Roeckx wrote:
> On Wed, Mar 04, 2015 at 10:16:31AM +0200, Török Edwin wrote:
>> On 03/04/2015 07:10 AM, Kurt Roeckx wrote:
>>> On Tue, Mar 03, 2015 at 10:45:41PM +0200, Török Edwin wrote:
>>>> can you consider disabling the export suites in OpenSSL like LibreSSL did, and
>>>> like you've done for SSLv3?
>>>
>>> I do want to remove the export ciphers from the DEFAULT cipher
>>> string in all released branches.  I have patches upstream to do
>>> that, and to completly remove support for export ciphers in
>>> master.
>>
>> Nice!
>>
>>>
>>>> [2] https://github.com/libressl-
>>>> portable/openbsd/commit/9e3c8206e0f32386e79956dfa4a26bbfdb3dd10d
>>>> [4] https://github.com/libressl-
>>>> portable/openbsd/commit/9e3c8206e0f32386e79956dfa4a26bbfdb3dd10d
>>>
>>> That's the same link.
>>
>> Sorry, the other link was supposed to be this that removes the ephemeral RSA:
>> https://github.com/libressl-portable/openbsd/commit/b0a3dc11e2f40da00441447a359ed16e8c578e44
> 
> That's still only 3 distinc URLs.

Looks like the LibreSSL ITP url was missing: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754513

--Edwin



More information about the Pkg-openssl-devel mailing list