On Sun, Jan 26, 2014 at 02:25:54AM +0000, brian m. carlson wrote:
> Package: libssl1.0.0
> Version: 1.0.1f-1
> Severity: important
> Tags: security
>
> The default cipher list for OpenSSL is not secure. It includes
> low-strength and export ciphers, which should not be enabled unless
> absolutely necessary. Other TLS implementations do not do this, and
> neither should OpenSSL. This also forces every user of OpenSSL to
> configure sensible defaults instead of doing it in one place.
>
> An acceptable default would be HIGH:MEDIUM:!aNULL:!eNULL:!MD5.

Even that will not be good enough for some people, but it would
clearly be better than the current defaults.

I guess the problem with changing the default is that nobody is
using the default because it doesn't make any sense, so the
impact of changing the default in openssl will be small.

I would also like to point out that the !MD5 there only disables
RC4-MD5 and RC4 is the weakest part and that there is nothing
wrong with the use of MD5 like it is there.

I also have to disagree with your comment in #736287 about IE on
XP. It does not support anything that provides 128 bit of
security. 3DES only has 112 bit, and everybody recommends
disabling RC4. For the rest it also only supports weak ciphers.

Anyway, I'm open to have the defaults changed in Debian even if
upstream doesn't want to do it. I wonder if I have to go with
the bettercrypto.org recommendations in that case and so also
disable RC4, 3DES and SEED. But I find myself wanting to do GCM
only and go for their configuration A.


Kurt
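
The following is an added example, not part of the message above or of OpenSSL or Debian: a Python sketch that expands a cipher string such as the proposed HIGH:MEDIUM:!aNULL:!eNULL:!MD5 on the locally installed OpenSSL and labels each resulting suite with the properties the thread discusses (RC4, 3DES, SEED, MD5, aNULL, eNULL, non-GCM). The function names and labels are assumptions made for this illustration.

```python
import re
import ssl

# Fields as printed by `openssl ciphers -v`, e.g. "Au=RSA Enc=RC4(128) Mac=MD5".
FIELD = re.compile(r"\b(Au|Enc|Mac)=(\S+)")

def expand(cipher_string):
    """Suites the local OpenSSL build enables for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if no suite can be selected
    return ctx.get_ciphers()

def flags(suite):
    """Label one suite with the properties discussed in the thread."""
    f = dict(FIELD.findall(suite["description"]))
    au, enc, mac = f.get("Au", ""), f.get("Enc", ""), f.get("Mac", "")
    out = set()
    if au == "None":
        out.add("aNULL")      # no authentication
    if enc == "None":
        out.add("eNULL")      # no encryption
    if mac == "MD5":
        out.add("MD5")
    for token in ("RC4", "3DES", "SEED"):
        if enc.startswith(token):
            out.add(token)
    if "GCM" not in enc:
        out.add("non-GCM")    # would be dropped by a GCM-only policy
    return out

def audit(cipher_string):
    """Map suite name -> sorted labels; an empty list means GCM with no flag."""
    return {s["name"]: sorted(flags(s)) for s in expand(cipher_string)}

if __name__ == "__main__":
    # Cipher string proposed in the bug report quoted above.
    for name, labels in audit("HIGH:MEDIUM:!aNULL:!eNULL:!MD5").items():
        print(f"{name:32} {', '.join(labels) or 'GCM'}")
```

The output reflects the OpenSSL build Python is linked against, and TLS 1.3 suites are listed regardless of the string because set_ciphers() does not control them.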

