On Wed, Dec 04, 2013 at 01:29:09PM +0100, Fedor Brunner wrote:

> The default cipher settings in OpenSSL prefer 3DES over AES-128. In
> general, Triple DES with three independent keys has a key length of 168
> bits, but due to the meet-in-the-middle attack, the effective security
> it provides is only 112 bits. Triple DES is much slower than 128 bit
> AES. Why is the 3DES cipher preferred over AES-128?

Larger key-space (and prohibitive space requirements for
meet-in-the-middle attacks).

You can safely disable 3DES, and improve inter-operability (e.g.
some older Windows systems have problems with 3DES). Set the
cipherlist to:

    DEFAULT:!SSLv2:!EXPORT:!LOW:!3DES:!IDEA:!RC2

None of the excluded ciphersuites are used much if at all, and
removing them can improve interoperability with some sites.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
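
To see what the cipherlist in the reply above leaves enabled on a particular OpenSSL build, the following added example (not part of the original thread) expands it through Python's ssl module and reports any suite that the exclusions were meant to remove. The helper names and the 112-bit threshold used to approximate the LOW and EXPORT classes are assumptions of this example.

```python
import re
import ssl

# Cipherlist recommended in the reply above.
RECOMMENDED = "DEFAULT:!SSLv2:!EXPORT:!LOW:!3DES:!IDEA:!RC2"

# Encryption algorithms the cipherlist excludes by name, as they appear in
# the "Enc=" field of OpenSSL's cipher description.
EXCLUDED_ENC = {"3DES", "DES", "IDEA", "RC2"}
MIN_BITS = 112  # assumption: approximates the LOW and EXPORT classes

ENC_FIELD = re.compile(r"Enc=([^(\s]+)\((\d+)\)")


def expand(cipherlist):
    """Return (name, enc, bits) for every suite the local OpenSSL enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipherlist)  # raises ssl.SSLError if nothing matches
    suites = []
    for c in ctx.get_ciphers():
        m = ENC_FIELD.search(c["description"])
        # An unparseable description is reported as 0 bits, so it is flagged.
        enc, bits = (m.group(1), int(m.group(2))) if m else ("unknown", 0)
        suites.append((c["name"], enc, bits))
    return suites


def leftovers(cipherlist):
    """Names of enabled suites that the exclusions were meant to remove."""
    return [name for name, enc, bits in expand(cipherlist)
            if enc in EXCLUDED_ENC or bits < MIN_BITS]


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for name, enc, bits in expand(RECOMMENDED):
        print(f"{name:32} {enc}({bits})")
    print("excluded suites still enabled:", leftovers(RECOMMENDED) or "none")
```

The result depends on the OpenSSL library Python is linked against, and the listing also includes any TLS 1.3 suites, which the cipherlist string does not control.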