From: Matt Caswell Date: Wed, 6 Oct 2021 14:08:43 +0000 (+0100) Subject: Update document for default security level change X-Git-Tag: openssl-3.2.0-alpha1~3481 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a4c4090c21058a75e8bf1ffcc469b6d9755c55ce;p=thirdparty%2Fopenssl.git Update document for default security level change Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16760) --- diff --git a/CHANGES.md b/CHANGES.md index 963289ca095..4902332206e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,15 @@ OpenSSL 3.1 ### Changes between 3.0 and 3.1 [xx XXX xxxx] + * The default SSL/TLS security level has been changed from 1 to 2. RSA, + DSA and DH keys of 1024 bits and above and less than 2048 bits and ECC keys + of 160 bits and above and less than 224 bits were previously accepted by + default but are now no longer allowed. By default TLS compression was + already disabled in previous OpenSSL versions. At security level 2 it cannot + be enabled. + + *Matt Caswell* + * The SSL_CTX_set_cipher_list family functions now accept ciphers using their IANA standard names. diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod index d9965572c8e..85dae713f09 100644 --- a/doc/man3/SSL_CTX_set_security_level.pod +++ b/doc/man3/SSL_CTX_set_security_level.pod @@ -75,10 +75,8 @@ OpenSSL. The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits -are prohibited. All export cipher suites are prohibited since they all offer -less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite -using MD5 for the MAC is also prohibited. Any cipher suites using CCM with -a 64 bit authentication tag are prohibited. +are prohibited. Any cipher suite using MD5 for the MAC is also prohibited. Any +cipher suites using CCM with a 64 bit authentication tag are prohibited. =item B @@ -116,7 +114,7 @@ I =head1 NOTES The default security level can be configured when OpenSSL is compiled by -setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used. +setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 2 is used. The security framework disables or reject parameters inconsistent with the set security level. In the past this was difficult as applications had to set