On 30/11/16 09:35, Mattia Rossi wrote:
> Hi all,
>
> After updating from 1.0.2h to 1.0.2j some of my PHP scripts are broken,
> because they can't connect to the server; after some research, the server
> supports very old TLSv1.0 ciphers.
>
> So I checked what ciphers PHP queries for, and with different versions of
> openssl I get different results. In libssl 1.0.2h I have these
> ciphers:
> - EDH-RSA-DES-CBC3-SHA
> - DES-CBC3-SHA
>
> In the latest version I don't have them.
>
> Where is the information on when ciphers are dropped? And why?

These ciphers have not been dropped in 1.0.2, but reclassified from the
"HIGH" cipherstring keyword to the "MEDIUM" cipherstring keyword.

Major changes such as these are normally described in the CHANGES file:

https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/CHANGES

In this case, the following entry is relevant:

  *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
     HIGH to MEDIUM.

     This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
     Leurent (INRIA)
     (CVE-2016-2183)
     [Rich Salz]

You can read more about SWEET32 here:

https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Matt
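The reclassification described in the reply can be checked against whatever libssl a client is linked to. The following is an added example, not part of the original message and not OpenSSL or PHP code: it uses Python's `ssl` module to expand cipher strings and report which ones still offer 3DES suites. The helper names (`expand`, `triple_des_suites`, `audit`) and the list of cipher strings are assumptions made for illustration.

```python
import ssl

# Name fragments that mark 3DES suites in OpenSSL's naming,
# e.g. DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, PSK-3DES-EDE-CBC-SHA.
TRIPLE_DES_MARKERS = ("DES-CBC3", "3DES")


def expand(cipher_string):
    """Suite names the linked libssl enables for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # No suite matched, e.g. "MEDIUM" on a build compiled without 3DES.
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def triple_des_suites(cipher_string):
    """Subset of expand() that uses 3DES, the suites affected by SWEET32."""
    return [n for n in expand(cipher_string)
            if any(m in n for m in TRIPLE_DES_MARKERS)]


def audit(cipher_strings):
    """Map each cipher string to the 3DES suites it would still offer."""
    return {s: triple_des_suites(s) for s in cipher_strings}


if __name__ == "__main__":
    print("linked against:", ssl.OPENSSL_VERSION)
    # Constructed list of cipher strings to compare; substitute the one
    # your client actually sets.
    strings = ["HIGH", "MEDIUM", "HIGH:MEDIUM", "HIGH:!3DES"]
    for s, found in audit(strings).items():
        print(f"{s:12} -> {', '.join(found) if found else 'no 3DES suites'}")
```

On a libssl that carries the CHANGES entry quoted above, `HIGH` reports no 3DES suites; whether `MEDIUM` reports any depends on whether the build includes 3DES at all.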