what is wrong with openssl ciphers?

Question

I used openssl recently and noticed that in the cipher list there is AES (what else ) and then I saw many rarely used ciphers like camellia and seed, then I saw stuff like rc4, rc2 ...

Why are insecure outdated ciphers so widely supported by openssl? Would it not be better to support libraries for stronger ciphers like twofish or the new GOST cipher?

In "ecparam" I even saw that many modern curves were missing.

Well, what's wrong with supporting old and broken ciphers as long as you don't recommend them? They might be useful for experiments, debugging, proof of concepts, etc. OpenSSL tools are multi-purpose. — Arminius, Mar 26 '17 at 16:49
1.0.1 is no longer supported upstream, and upstream default configs haven't included any export (which includes RC2) for years. Upgrade your system. — dave_thompson_085, Mar 27 '17 at 04:45
ok thank you , I will update my system . I didn´t know that there is a newer version . I picked up cryptography as a hobby and just used the one which came with my distro . — Richard R. Matthews, Mar 29 '17 at 14:24

score 2 · Answer 1 · answered Mar 26 '17 at 16:51

2

OpenSSL is an extremely widely used library. There are many legacy systems that only support old ciphers, and so the OpenSSL project is conservative in removing support for them, preferring to allow the user to configure allowed algorithms. This is in contrast to a library like NaCl, which is highly opinionated about algorithms.

As a side note, just because you have not heard of camellia does not make "no-name".

answered Mar 26 '17 at 16:51

Xiong Chiamiov

9,384
2
34
76

well not no name , but It is a japanese cipher which still has a patent right ? Not many services use it – Richard R. Matthews Mar 26 '17 at 18:17

what is wrong with openssl ciphers?

1 Answers1