Re: When ciphers are deprecated?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Matt,

it's all i need!

2016-11-30 10:58 GMT+01:00 Matt Caswell <matt@xxxxxxxxxxx>:
>
>
> On 30/11/16 09:35, Mattia Rossi wrote:
>> Hi all,
>>
>> After updating from 1.0.2h to 1.0.2j some of my PHP script is broken,
>> because it can't connect to the server, after some research the server
>> supports very old TLSv1.0 ciphers.
>>
>> So i check what ciphers PHP query for and with different versions of
>> openssl i get different result, so in libssl 1.0.2h i have these
>> chipers:
>> - EDH-RSA-DES-CBC3-SHA
>> - DES-CBC3-SHA
>>
>> In the last version i haven't.
>>
>> Where is the information when ciphers are dropped? and why?
>
> These ciphers have not been dropped in 1.0.2, but reclassified from the
> "HIGH" cipherstring keyword to the "MEDIUM" cipherstring keyword. Major
> changes such as these are normally described in the CHANGES file:
>
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/CHANGES
>
> In this case, the following entry is relevant:
>
>
>   *) In order to mitigate the SWEET32 attack, the DES ciphers were moved
> from
>      HIGH to MEDIUM.
>
>      This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
>      Leurent (INRIA)
>      (CVE-2016-2183)
>      [Rich Salz]
>
>
> You can read more about SWEET32 here:
>
> https://www.openssl.org/blog/blog/2016/08/24/sweet32/
>
> Matt
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux