Thanks Matt, it's all i need! 2016-11-30 10:58 GMT+01:00 Matt Caswell <matt@xxxxxxxxxxx>: > > > On 30/11/16 09:35, Mattia Rossi wrote: >> Hi all, >> >> After updating from 1.0.2h to 1.0.2j some of my PHP script is broken, >> because it can't connect to the server, after some research the server >> supports very old TLSv1.0 ciphers. >> >> So i check what ciphers PHP query for and with different versions of >> openssl i get different result, so in libssl 1.0.2h i have these >> chipers: >> - EDH-RSA-DES-CBC3-SHA >> - DES-CBC3-SHA >> >> In the last version i haven't. >> >> Where is the information when ciphers are dropped? and why? > > These ciphers have not been dropped in 1.0.2, but reclassified from the > "HIGH" cipherstring keyword to the "MEDIUM" cipherstring keyword. Major > changes such as these are normally described in the CHANGES file: > > https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/CHANGES > > In this case, the following entry is relevant: > > > *) In order to mitigate the SWEET32 attack, the DES ciphers were moved > from > HIGH to MEDIUM. > > This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan > Leurent (INRIA) > (CVE-2016-2183) > [Rich Salz] > > > You can read more about SWEET32 here: > > https://www.openssl.org/blog/blog/2016/08/24/sweet32/ > > Matt > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
