Re: Minium version of OpenSSL required by "pkgsrc"

[Alistair Crooks <agc%pkgsrc.org@localhost>]

On Sun, Feb 09, 2014 at 11:42:17AM +0000, Matthias Scheler wrote:
> the minimum OpenSSL API version that we currently accept in "pkgsrc"
> is 0.9.6m. I would like to bump this to 1.0.1c (same as the API dependency)
> for security reasons:
> 
> - OpenSSL 0.9.* don't support TLS 1.1 which is required to mitigate the
>   BEAST attack (No, using RC4 is *not* an option, not even if Google
>   think so).
> - OpenSSL 0.9.* doesn't support TLS 1.2 and is therefore limitted to
>   using SHA1 as a hash function which is no longer considered secure.
> - OpenSSL 0.9.* doesn't support Elliptic curve cryptography. In particular
>   ECDHE_RSA is important to achieve Forward Secrecy as a lot of web server
>   don't support DHE. And DHE is slow to start with.
> 
> Requiring OpenSSL 1.0.1* would also allow us to get rid of a lot of
> OpenSSL 0.9.* hacks. Please have a look at e.g. "lang/python27/Makefile"
> or "mail/fetchmail/options.mk".
> 
> As a consequence NetBSD 5.0*, 5.1* and Mac OS X up to at least
> Mountain Lion and possibly other platforms would all be forced to
> use OpenSSL from "pkgrsc".
> 
> Opinions?

I'm all for this, for a number of reasons - I'd love to be more
current with openssl in particular.

It depends on what you want from SHA1 as to how much deprecation it
gets, BTW.  But, in this case probably yes, and in general, it would
be nice to move forwards.  As well as making progress with EC in
general, ephemeral keys in general, and openssl in particular.

Best,
Alistair