### Changes between 3.0 and 3.1 [xx XXX xxxx]
+ * The default SSL/TLS security level has been changed from 1 to 2. RSA,
+ DSA and DH keys of 1024 bits and above and less than 2048 bits and ECC keys
+ of 160 bits and above and less than 224 bits were previously accepted by
+ default but are now no longer allowed. By default TLS compression was
+ already disabled in previous OpenSSL versions. At security level 2 it cannot
+ be enabled.
+
+ *Matt Caswell*
+
* The SSL_CTX_set_cipher_list family functions now accept ciphers using their
IANA standard names.
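Review bot: the entry says which key sizes stop working at the new default but not how to get them back, and 1024-2047 bit RSA/DSA/DH and 160-223 bit ECC keys are still in use, so a deployment that breaks on upgrade needs to know the fix is a configuration knob rather than a key rotation. Add one sentence after "are now no longer allowed" pointing at the opt-outs: the build-time `-DOPENSSL_TLS_SECURITY_LEVEL=1` setting that the NOTES hunk of this same change documents, and the runtime security-level setter described in the manual page being edited. The compression sentence is fine as written; it correctly separates "was already disabled by default" from "cannot be enabled at level 2".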
The security level corresponds to a minimum of 80 bits of security. Any
parameters offering below 80 bits of security are excluded. As a result RSA,
DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits
-are prohibited. All export cipher suites are prohibited since they all offer
-less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite
-using MD5 for the MAC is also prohibited. Any cipher suites using CCM with
-a 64 bit authentication tag are prohibited.
+are prohibited. Any cipher suite using MD5 for the MAC is also prohibited. Any
+cipher suites using CCM with a 64 bit authentication tag are prohibited.
=item B<Level 2>
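Review bot: the two `-` lines remove the statements that export cipher suites and SSL version 2 are prohibited at level 1, but nothing in the diff or the CHANGES entry says why. If they went because export suites and SSLv2 no longer exist in the code base at any level, say so in the commit message or the CHANGES entry; otherwise keep them, since a reader of the Level 1 text can no longer tell whether they are allowed. Separately, once those sentences are gone, `Any cipher suite using MD5 for the MAC is also prohibited.` on the first `+` line has nothing for "also" to refer back to; suggest `Any cipher suite using MD5 for the MAC is prohibited.`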
=head1 NOTES
The default security level can be configured when OpenSSL is compiled by
-setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used.
+setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 2 is used.
The security framework disables or reject parameters inconsistent with the
set security level. In the past this was difficult as applications had to set
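Review bot: `If not set then 2 is used.` matches the new default, but this NOTES paragraph is the one place that tells people building OpenSSL how to keep the old behaviour, so spell it out in the `+` line: `-DOPENSSL_TLS_SECURITY_LEVEL=1` restores the previous default for builds that must still accept 1024-bit RSA/DSA/DH or 160-bit ECC keys. Nit, on the unchanged line just below: `The security framework disables or reject parameters` should read `disables or rejects`; worth fixing while the paragraph is being touched.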