On Wed, Feb 11, 2015 at 03:30:57AM +0000, Salz, Rich wrote:

> > By all means, don't use it, but it is not OpenSSL's choice to make by breaking
> > the meaning of existing interfaces.
>
> Except that we've explicitly stated we're breaking things with this new release.
>
> Those magic cipher keywords are point-in-time statements. And time has moved on.

Those categories had and continue to have sensible definitions to which the proposed changes would do unwarranted violence.

It is OK to drop EXPORT ciphers entirely. It is OK to drop LOW ciphers entirely. Nobody is using either.

The deprecation of RC4 is still aspirational, and reclassifying it as LOW breaks configurations where it is still needed. It is largely sufficient to drop RC4 from the "DEFAULT" cipherlist, leaving applications that make more fine-grained choices to make their own RC4 decisions.

The DEFAULT cipherlist is a point-in-time definition, but EXPORT, LOW, MEDIUM and HIGH have more precise expected semantics.

Libraries should only break compatibility when there is no choice. Here there are many alternatives, including the "security level" features already in the master release, which address the issue more systematically.

This, plus further work on documenting NCONF and publishing reasonably complete best-practice sample client and server programs, will do a lot more good than needlessly breaking non-browser opportunistic TLS applications.

-- 
Viktor.