> I have seen rumors (nothing reliable) that the TLS WG is proposing
> to disable a whole lot of good cipher suites in TLS 1.3.
Well, it's pretty easy to verify. Look at the IETF TLS-WG web page, and get a
pointer to the current draft doc.
Yes, TLS removes non-AEAD ciphers, and has only PFS key
On Tue, Nov 17, 2015 at 11:24:17AM -0800, Jay Foster wrote:
> I can understand the desire to remove the assembly code options,
*ONLY* for deprecated legacy algorithms, as an alternative to the
proposal to remove the algorithm entirely.
> I recently updated a product I support (50MHz single core)
On 11/17/2015 9:56 AM, Jeffrey Walton wrote:
We can significantly reduce that liability by removing any assembler
optimisations. Also just because something is available doesn't mean it
has to be "default". We can have good defaults whilst keeping old crypto.
Zooko Wilcox O'Hearn recently gave a
On 11/17/2015 12:00 PM, Jeffrey Walton wrote:
>
>
> Also, if OpenSSL requires iOS 9 or above, then it's setting policy for users.
In some sense, yes. But it has always done so -- OpenSSL only supports
certain platforms, and certain versions of certain platforms. There are
prerequisites to being a
On Tue, Nov 17, 2015 at 7:21 AM, Emilia Käsper wrote:
>
>
> On Tue, Nov 17, 2015 at 11:12 AM, Jeffrey Walton wrote:
>>
>> > MD2 - (The argument that someone somewhere may want to keep verifying
>> > old
>> > MD2 signatures on self-signed certs doesn't seem like a compelling
>> > enough
>> > reaso
>> We can significantly reduce that liability by removing any assembler
>> optimisations. Also just because something is available doesn't mean it
>> has to be "default". We can have good defaults whilst keeping old crypto.
>
> Zooko Wilcox O'Hearn recently gave a talk at a software assurance
> con
With regard to the idea that one can simply make older algorithms
Somebody Else's Problem: is it *known* that another viable,
well-maintained product sees this as one of its roles? That would be
more reassuring, I think, than just hoping that some unknown group
will step into the gap.
--
Mark H
On Tue, Nov 17, 2015 at 11:12 AM, Jeffrey Walton wrote:
> > MD2 - (The argument that someone somewhere may want to keep verifying old
> > MD2 signatures on self-signed certs doesn't seem like a compelling enough
> > reason to me. It's been disabled by default since OpenSSL 1.0.0.)
> > ...
> Apple
>> I asked for mainstream use-cases for algorithms whose removal could
>> cause widespread pain. Some individual users, undoubtedly, will be hit
>> by this, and I acknowledge that they may not be reading this list. But I
>> wanted to know if I'd missed something endemic. I also asked elsewhere:
>>
> MD2 - (The argument that someone somewhere may want to keep verifying old
> MD2 signatures on self-signed certs doesn't seem like a compelling enough
> reason to me. It's been disabled by default since OpenSSL 1.0.0.)
> ...
Apple still provides two Verisign certificates using
md2WithRSAEncryption
Hi all,
We are using the OpenSSL FIPS module v2.0 and are in the process of certifying
the algorithms for our implementation. As part of this process there are
different types of questionnaires about the algorithms. The questionnaire for
AES GCM mode asks:
:
:
Input Data Lengths (0 to 65536 bit