[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Hanno Böck hanno at hboeck.de
Fri May 16 15:03:38 CEST 2014

Hi all,

a more general comment on the whole discussion: If I got it right this
all circles around the question how to have a cipher string that's good
for old openssl versions, right?

Well, I think this is rather pointless. Basically, if someone asks "How
can I get better crypto on openssl 0.9.x?" then the only reasonable
answer is "you don't".

Everything before 1.0.1 is missing any support for any reasonable kind
of "good" crypto in light of recent attacks. It has no TLS 1.2 and is
therefore doomed to either do messy CBC/Mac-then-Encrypt-stuff or RC4
vulnerabilities. There's just no advice beside "please update" to give.

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140516/980fee2f/attachment.sig>

More information about the Ach mailing list