On 2019-04-21 16:52:30 [+0200], Paul Gevers wrote: > Hi Kurt, Christoph, Sebastian, others, Hi Paul,
> Could somebody of the openssl team propose a text that can be added to > the release-notes about the new defaults? I am not asking for package > specific text (although that is welcome of course), but rather a generic > description of the change, what it means, how it can be circumvented and > what the drawbacks of that are. We have this [0]: | Following various security recommendations, the default minimum TLS version | has been changed from TLSv1 to TLSv1.2. Mozilla, Microsoft, Google and Apple | plan to do same around March 2020. | | The default security level for TLS connections has also be increased from | level 1 to level 2. This moves from the 80 bit security level to the 112 bit | security level and will require 2048 bit or larger RSA and DHE keys, 224 bit | or larger ECC keys, and SHA-2. | | The system wide settings can be changed in /etc/ssl/openssl.cnf. Applications | might also have a way to override the defaults. | | In the default /etc/ssl/openssl.cnf there is a MinProtocol and CipherString | line. The CipherString can also sets the security level. Information about the | security levels can be found in the SSL_CTX_set_security_level(3ssl) manpage. | The list of valid strings for the minimum protocol version can be found in | SSL_CONF_cmd(3ssl). Other information can be found in ciphers(1ssl) and | config(5ssl). | | Changing back the defaults in /etc/ssl/openssl.cnf to previous system wide | defaults can be done using: | MinProtocol = None | CipherString = DEFAULT | | It's recommended that you contact the remote site in case the defaults cause | problems. The system default is valid for package that links against libssl1.1. Some packages (like wpa_supplicant) override the limit so they may use TLSv1 even if it is disabled. Is the text above more or less what you asked for? [0] /usr/share/doc/libssl1.1/NEWS.Debian.gz > Paul Sebastian
