Opened 9 years ago

Closed 9 years ago

#1846 closed enhancement (fixed)

Update to use 'HIGH' ciphers as default in OpenSSL

Reported by: ming
Owned by: bennylp
Priority: normal
Milestone: release-2.4.5
Component: applications
Version: trunk
Keywords:
Cc:
Backport to 1.x milestone:
Backported: no

Description

In March 2015, a TLS/SSL security vulnerability was revealed, which
mandates disabling certain TLS cipher suites
<https://en.wikipedia.org/wiki/FREAK>. Furthermore, since February 2015,
RFC 7465 has prohibited the RC4 cipher suite. To achieve this with OpenSSL, the
cipher-suite list has to be changed from "DEFAULT" to "HIGH". Furthermore,
all ciphers which were not included in "DEFAULT" before (like eNULL) should
not appear now either. Therefore: HIGH:-COMPLEMENTOFDEFAULT.

Special thanks to Alexander Traud for his excellent suggestion, description, and patch.
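
The following check is an added example, not part of the ticket or of the PJSIP patch. It uses Python's `ssl` module to expand the cipher string from the description against the local OpenSSL build and reports any enabled suite that uses RC4, null encryption, anonymous authentication or export-grade keys. The helper names are hypothetical, and the suite lists depend on the OpenSSL version installed.

```python
import ssl

# Cipher string from the ticket; "DEFAULT" is the value it replaces.
HARDENED = "HIGH:-COMPLEMENTOFDEFAULT"


def expand(cipher_string):
    """Return the suites the local OpenSSL enables for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # Note: TLS 1.3 suites are listed regardless of the cipher string.
    return ctx.get_ciphers()


def attributes(cipher):
    """Parse 'Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD' into a dict."""
    tokens = cipher["description"].split()
    return dict(tok.split("=", 1) for tok in tokens if "=" in tok)


def weak_suites(cipher_string):
    """Names of enabled suites with RC4, no encryption, no auth, or export keys."""
    weak = []
    for cipher in expand(cipher_string):
        attr = attributes(cipher)
        enc = attr.get("Enc", "")
        if (enc.startswith("RC4")                      # prohibited by RFC 7465
                or enc == "None"                       # eNULL: no encryption
                or attr.get("Au") == "None"            # aNULL: anonymous key exchange
                or cipher["name"].startswith("EXP")    # export-grade (FREAK)
                or "export" in cipher["description"].lower()):
            weak.append(cipher["name"])
    return weak


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    # Compare the old default, plain HIGH, and the string from the ticket.
    for s in ("DEFAULT", "HIGH", HARDENED):
        suites = expand(s)
        print(f"{s}: {len(suites)} suites, weak: {weak_suites(s) or 'none'}")
```
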

Change History (1)

comment:1 Changed 9 years ago by ming

  • Resolution set to fixed
  • Status changed from new to closed

In 5078:

Fixed #1846: Update to use 'HIGH' ciphers as default in OpenSSL
