From owner-freebsd-ports@freebsd.org Thu Aug 25 18:51:19 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 95624BC6A16 for ; Thu, 25 Aug 2016 18:51:19 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 7A4AC1A64 for ; Thu, 25 Aug 2016 18:51:19 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 79A55BC6A15; Thu, 25 Aug 2016 18:51:19 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 794C6BC6A14 for ; Thu, 25 Aug 2016 18:51:19 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from smtp01.qsp.nl (smtp01.qsp.nl [193.254.214.162]) by mx1.freebsd.org (Postfix) with ESMTP id 39A1C1A63 for ; Thu, 25 Aug 2016 18:51:18 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from smtp01.qsp.nl (localhost [127.0.0.1]) by smtp01.qsp.nl (Postfix) with ESMTP id 834FF2A0D0A; Thu, 25 Aug 2016 20:51:16 +0200 (CEST) Received: from mail.brnrd.eu (unknown [193.164.217.85]) by smtp01.qsp.nl (Postfix) with ESMTP; Thu, 25 Aug 2016 20:51:16 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=brnrd.eu; h=date:from:to:subject:message-id; s=default; bh=aDPCR33Vu0q+1mNPMXu1EeVG2upvoVJ5fopyM+jt86g=; b=3OyaV8qFimWOdPec1GbBQUeiT8yL5+UFwE5eBxSMXxWtKacfYhE1VsMTTt9bhbV3lBz80x9Lf0HeyTZlI+A3R+6kr7EPorcsamUWIFA4Cp52tOS8EZeekDoJeTASftGozXTP/8mwWPaWWK5x40KlDnXrpE6IjYROsMW/pneOEqMe0o6UbgsYEoQldpTBEMiQSGBWWtcy28Q2EcDSwml4IFbJY+bPN+ScFvWyj1xyhdtZG03BrZug+UOhCOQ27C8KhSQ7iL6lwSeK2QpW/9DQ0w8vhEnCUWX3c1rJlfZcynOqvcl9IARKWV53TNZJk6aXvpYFGPoXQOrXP/vLJp64dA== Received: by bachfreund.nl (OpenSMTPD) with ESMTPSA id b2c67b77 TLS version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO; Thu, 25 Aug 2016 20:51:15 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 25 Aug 2016 20:51:15 +0200 From: Bernard Spil To: Lowell Gilbert Cc: ports@freebsd.org Subject: Re: Upcoming OpenSSL 1.1.0 release In-Reply-To: <44lgzm53rn.fsf@be-well.ilk.org> References: <6d35459045985929d061f3c6cca85efe@imap.brnrd.eu> <0E328A9485C47045F93C19AB@atuin.in.mat.cc> <20160823124201.GB48814@xtaz.uk> <44lgzm53rn.fsf@be-well.ilk.org> Message-ID: <26373d990ef1e10aca8a1582c7cdad0c@imap.brnrd.eu> X-Sender: brnrd@FreeBSD.org User-Agent: Roundcube Webmail/1.2.0 X-SMTP-Virus-Scanned: clamav at smtp01 X-Spam-Status: No, score=1.6 required=5.0 tests=HK_RANDOM_ENVFROM, HK_RANDOM_FROM,UNPARSEABLE_RELAY autolearn=disabled version=3.4.1 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on svfilter02.qsp.nl X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Aug 2016 18:51:19 -0000 On 2016-08-24 22:08, Lowell Gilbert wrote: > Bernard Spil writes: > >> Today new vulnerabilities with (3)DES and BlowFish were made public > > You're referring to something different than the HTTPS/OpenVPN > attacks? Because it really wouldn't be accurate to describe those > as vulnerabilities in the ciphers. Hi Lowell, Correct. And that is indeed not a vulnerability in the cipher. As far as I know all cipher suites in use that support DES or 3DES use CBC mode and are vulnerable. Disabling DES and 3DES therefore makes sense to me. Cheers, Bernard.