(keeping TOFU style to keep thread consistent).
You can also just use the cipher-list configuration option string
that an OpenSSL 1.0.x should allow passing to OpenSSL.
On 11/05/2017 22:17, Scott Neugroschl wrote:
So if I’m using 1.0.2, and want to deprecate 3DES, I need to do that
as part of my build?
*From:*openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] *On
Behalf Of *Scott Neugroschl
*Sent:* Thursday, May 11, 2017 11:13 AM
*To:* openssl-users@xxxxxxxxxxx
*Subject:* Re: Dumb question about DES
OK. Are the 3DES CBC ciphers still part of DEFAULT?
*From:*openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] *On
Behalf Of *Benjamin Kaduk via openssl-users
*Sent:* Thursday, May 11, 2017 9:18 AM
*To:* openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>
*Subject:* Re: Dumb question about DES
Those ciphers are triple-DES, not single-DES. (The "CBC3" gives it
away ... well, not exactly.)
The single-DES ciphers were removed in release 1.1.0 (they are
included in the "40 and 56 bit cipher support removed from libssl"
item in the release notes), though the raw crypto primitives remain in
libcrypto.
-Ben
On 05/11/2017 11:07 AM, Scott Neugroschl wrote:
Has DES been deprecated in OpenSSL? If so, what release? In
particular the following ciphers
0.19 EDH-DSS-DES-CBC3-SHA
0.22 EDH-RSA-DES-CBC3-SHA
192.13 ECDH-RSA-DES-CBC3-SHA
192.3 ECDH-ECDSA-DES-CBC3-SHA
192.18 ECDHE-RSA-DES-CBC3-SHA
192.8 ECDHE-ECDSA-DES-CBC3-SHA
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
