On Wed, Jan 2, 2013 at 3:15 PM, Noah Misch <noah@leadboat.com> wrote:
> On Wed, Jan 02, 2013 at 02:03:20PM +0100, Magnus Hagander wrote:
>> On Wed, Jan 2, 2013 at 1:15 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> > So +1 for changing it to "DEFAULT" from me, too. There's no reason to
>> > think we know more about this than the OpenSSL authors.
>>
>> The DEFAULT value in OpenSSL 1.0 means "ALL:!aNULL:!eNULL".
>>
>> Researching some more, this might cause a problem actually, which
>> would explain some of the things that are in our default. For example,
>> an ADH algorithm doesn't use certificates - but it uses DH parameters,
>> so it likely won't work anyway. EDH uses certs, but also requires DH
>> parameters.
>>
>> Maybe what we nede is "DEFAULT:!ADH:@STRENGTH" as the default?
>
> I understand aNULL to include ADH.
Hmm. Seems you're right when I run a test on it, I was reading it wrong.
>> The other difference is that our current string denies 40 and 56 bit
>> encryptions (low and export strenghts). Do we stll want to do that?
>
> On the one hand, those seem bad to permit by default in 2013. On the other
> hand, if so, why hasn't OpenSSL removed them from DEFAULT? Perhaps it has
> backward-compatibility concerns that wouldn't apply to us by virtue of having
> disabled them for some time. Sounds reasonable to continue disabling them.
So then the default would be "DEFAULT:!LOW:!EXP:@STRENGTH"
(the @STRENGTH part is the sorting key for preference, which the
default one seems not to have)
The biggest difference being that we start from DEFAULT rather than ALL.
--Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/