[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Hanno Böck hanno at hboeck.de
Fri May 16 15:03:38 CEST 2014


Hi all,

a more general comment on the whole discussion: If I got it right this
all circles around the question how to have a cipher string that's good
for old openssl versions, right?

Well, I think this is rather pointless. Basically, if someone asks "How
can I get better crypto on openssl 0.9.x?" then the only reasonable
answer is "you don't".

Everything before 1.0.1 is missing any support for any reasonable kind
of "good" crypto in light of recent attacks. It has no TLS 1.2 and is
therefore doomed to either do messy CBC/MAC-then-Encrypt-stuff or RC4
vulnerabilities. There's just no advice besides "please update" to give.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42