Date: Thu, 25 Aug 2016 20:51:15 +0200 From: Bernard Spil <brnrd@FreeBSD.org> To: Lowell Gilbert <freebsd-ports-local@be-well.ilk.org> Cc: ports@freebsd.org Subject: Re: Upcoming OpenSSL 1.1.0 release Message-ID: <26373d990ef1e10aca8a1582c7cdad0c@imap.brnrd.eu> In-Reply-To: <44lgzm53rn.fsf@be-well.ilk.org> References: <6d35459045985929d061f3c6cca85efe@imap.brnrd.eu> <0E328A9485C47045F93C19AB@atuin.in.mat.cc> <20160823124201.GB48814@xtaz.uk> <ba968d48738a1b5f05546993e70abf7d@imap.brnrd.eu> <44lgzm53rn.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2016-08-24 22:08, Lowell Gilbert wrote: > Bernard Spil <brnrd@FreeBSD.org> writes: > >> Today new vulnerabilities with (3)DES and BlowFish were made public > > You're referring to something different than the HTTPS/OpenVPN > attacks? Because it really wouldn't be accurate to describe those > as vulnerabilities in the ciphers. Hi Lowell, Correct. And that is indeed not a vulnerability in the cipher. As far as I know all cipher suites in use that support DES or 3DES use CBC mode and are vulnerable. Disabling DES and 3DES therefore makes sense to me. Cheers, Bernard.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26373d990ef1e10aca8a1582c7cdad0c>