Re: OpenSSL 3.0.0 enabling SSLv3 support

Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> · Thu, 7 Oct 2021 11:53:02 -0400

On Thu, Oct 07, 2021 at 09:38:30AM -0500, Mark Hack wrote:

> Added to all the weaknesses in SSLv3, the only supported cipher suites
> are either vulnerable  or deprecated and not advisable.

If we set aside browsers where CBC padding oracles are a problem, the
below are in practice still reasonably strong in most other
applications.

    ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

And yet, SSLv3 should still not be used, because it does not support
extensions, so no SNI, no protection against insecure renegotiation, ...

-- 
    Viktor.