Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DRAFT] Alias OpenSSL SECLEVEL directives to ALL #2065

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

[DRAFT] Alias OpenSSL SECLEVEL directives to ALL #2065

wants to merge 1 commit into from
+16 −83

Conversation

WillChilds-Klein
Copy link
Contributor

@WillChilds-Klein WillChilds-Klein commented Dec 18, 2024
edited
Loading

Issues:

Addresses CryptoAlg-2792

Description of changes:

To increase compatibility with OpenSSL's notion of "security levels", this commit aliases all security levels ≤ 3 to AWS-LC's ALL alias. Described here, OpenSSL's security levels ≤ 3 stipulate at most 128 bits of security. Because we don't offer any ciphersuites providing less than 128 bits of security, we enable all ciphersuites in those cases.

Testing:

  • CI with reduced CPython patch set

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@samuel40791765
Copy link
Contributor

Just to give some more context, I initially set our default security level to 3 under the same justifications. However, I had to change the value to 0 later on because we don't directly prohibit 512 bit RSA keys like OpenSSL states with Level 1..
This commit has more details: 42cd981

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WillChilds-Klein @samuel40791765