[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Aaron Zauner azet at azet.org
Wed May 14 14:31:29 CEST 2014


Hi,

L. Aaron Kaplan wrote:
> On May 13, 2014, at 8:31 PM, Aaron Zauner <azet at azet.org> wrote:
> 
>> Ok, I've come up with the following B cipherstring:
>>
>> ```
>> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
>> ``
>>
> 
> 
> Can we go over this proposal at the next meeting?
> 
You missed the mailing list (in CC now).

Sure. The thing is I want this to be changed ASAP since it negatively
affects all our recommendations for OpenSSL <1.0.0 (see forwarded
openssl-dev mail). We're currently shipping _non_optimal_ security for
systems that ship those OpenSSL versions (RHEL5+6, MacOS X, Debian
old-stable, for example).

Since the next meeting is planned for June, and we have a lot of people
on the mailing list that won't make it to this meeting, I'd be a good
idea to discuss this issue beforehand on the list. Unfortunately there's
little to no input on any of the issues I've reported in the last couple
of weeks.


Aaron

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140514/d9cf01f4/attachment.sig>


More information about the Ach mailing list