Mon 12:38 ~$ openssl versionI cut the stronger ciphers from the output, leaving weak ones: everything that is EXP (pre-2000 export strength, 40- or 56-bit keys) or DES. I decided to let triple-DES slide even though it's legacy and limited to 112 bits of security. I also let KRB5 and PSK slide, even though my understanding is that they're useless on the public Internet, due to needing to share a Kerberos setup or key (resp.) with the client in advance of the connection being made.
OpenSSL 1.0.0g-fips 18 Jan 2012
Mon 12:38 ~$ openssl ciphers DEFAULT | sed -e 's/:/ /g'
... EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA KRB5-DES-CBC-SHA KRB5-DES-CBC-MD5 EXP-EDH-RSA-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA EXP-DES-CBC-SHA EXP-RC2-CBC-MD5 EXP-KRB5-RC2-CBC-SHA EXP-KRB5-DES-CBC-SHA EXP-KRB5-RC2-CBC-MD5 EXP-KRB5-DES-CBC-MD5 EXP-RC4-MD5 EXP-KRB5-RC4-SHA EXP-KRB5-RC4-MD5
Due to the weak ciphers being included by default, everyone needs to specially configure their server to gain true security. This means that all admins who want to do it "right" must keep up on all advancements in the field of cryptography, and distinguish real breaks from crackpot allegations. All admins who want it to "work" will just search the web and paste in whatever cipher suite they find, potentially leaving them vulnerable to BEAST. Meanwhile, that library we trusted to provide security is doing its best to avoid giving it to us.
In other news: SSL Deployment Best Practices (PDF).
Post a Comment