Re: OpenSSL disables TLS 1.0 and 1.1
- Date: Sun, 13 Aug 2017 13:31:26 +0200
- From: Ondřej Surý <ondrej@xxxxxxxx>
- Subject: Re: OpenSSL disables TLS 1.0 and 1.1
Which is definitely worse than HTTPS with even SSLv3.
Here I disagree, with HTTP you know you are using inherently insecure
transport layer and you can take other precautions.
With SSLv3, you might be fooled by feeling of security...
Apart from that, I think we need a system-wide default policy with
sufficiently difficult way how to re-enable older but still secure (for
some level of security) TLS protocols. And this needs to apply for all
On 11 August 2017 16:15:43 Christian Seiler <christian@xxxxxxxx> wrote:
Am 2017-08-11 15:09, schrieb Sven Hartge:
Unless it has been proven that TLS1.0 and TLS1.1 are as broken as SSL3,
please keep the support for them enabled in OpenSSL, and just change
defaults in the application to only use TLS1.2 (unless changed by the
I remember a talk at Debconf15 about Fedora's system-wide policy for
I haven't rewatched the talk, but if I remember correctly, the
whole thing was designed in a way that the administrator could
change both the system-wide policy and also override it per
If we follow through on this, we could then disable anything but
TLS 1.2 in the default system-wide policy - the default settings
would then be more secure while users could then still change the
policy for compatibility reasons if so required. It would also
provide a central nob for the future for users who don't have to
worry about compatibility and perhaps want to disable TLS 1.2 in
favor of 1.3 (which will be part of OpenSSL 1.1.1).
Btw. speaking of this issue: a friend of mine who's an administrator
at a university has had the problem that he can't use the HTTPS
interface of some NAS devices (and I'm talking 19" rack-mounted
storage with internal and external SAS interface) anymore since the
interface only supports either older SSL versions or older ciphers
that modern browsers simply don't accept anymore. (Not even with
about:config options.) And there are no firmware updates for these
devices anymore, so he's now administering these devices via
unencrypted HTTP. Which is definitely worse than HTTPS with even
SSLv3. In his case it's not too bad, because they are in a separate
network that isn't routed to the public (using ssh -D to a gateaway
to access them), but this shows what problems can arise from this.
Don't get me wrong: I do believe it's a huge problem that vendors
of said appliances don't provide updates for these kind of things,
and I wish that we could indeed drop everything except TLS 1.2, but
the real world is unfortunately more complicated, and I think
Debian would do a huge disservice to users if it removed TLS 1.0
and 1.1 from OpenSSL in Buster without a well-documented
possibility for the admin to reenable it.