Hi all, We are considering removing from OpenSSL 1.1 known broken or outdated cryptographic primitives. As you may know the forks have already done this but I'd like to seek careful feedback for OpenSSL first to ensure we won't be breaking any major applications. These algorithms are currently candidates for removal: CAST IDEA MDC2 MD2 [ already disabled by default ] RC5 [ already disabled by default ] RIPEMD SEED WHIRLPOOL ALL BINARY ELLIPTIC CURVES My preference would be to remove these algorithms completely (as in, delete the code). Disabled-by-default code will either be re-enabled by distros (if there's widespread need for it - in which case we might as well leave it in) or will be poorly tested and is likely to just silently rot and break. This code is bloat and maintentance burden for us - my hope is that much of this code is effectively dead and can be removed. *Are you aware of any mainstream need to continue supporting these algorithms in OpenSSL 1.1?* Note that an older OpenSSL library or binary, or a standalone implementation or another crypto toolkit can always be used to continue supporting a legacy standalone application, or to decrypt ciphertext from the distant past. I am looking for use cases that could cause e.g. interop breakage between new and old peers, or major pain to distro end-users. These algorithms are obsolete but removing them doesn't look feasible: BLOWFISH - probably still in use though I don't know where exactly? MD4 - used in NTLM RC2 - used in PKCS#12 *Did I miss anything from the list?* Cheers, Emilia -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151113/deda49b7/attachment.html>
