On Mon, Aug 17, 2015 at 03:18:14PM +0000, Viktor Dukhovni wrote:
> The relevant code was added to the 1.0.2 dev branch in Apr of 2012,
> backporting said code from the "master" branch where fixed DH
> support was enabled in January of 2012.
>
> On a related note, for what it's worth ECDSA certs are constrained
> by keyUsage if the extension is present.
My thoughts on these from the openssl-team list (non-public) from
May of 2015:
* Remove. Frankly, I think all the static DH ciphers (even non-export)
are useless bloat. Nobody uses them, and they lead to large client
HELLO messages, and interop issues.
I'd like to see them all deprecated, that'd be 42 fewer useless
ciphersuites.
* > Oh - except DH only. I think we need to keep static ECDH. I've been told
> there are some servers out there that are configured to do static ECDH
> with their ECDSA cert.
Whatever for? Why go to all that trouble to defeat forward secrecy?
And now there are additional reasons to drop support for these from
"master". Making incompatible changes in 1.0.2 patch releases is
perhaps not an option (unless removal of DHr/DHd/ECDHr/ECDHe can
be reasonably positioned as a bug fix).
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
