Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Time to deprecate CBC algorithms? #1298
Thanks to the article at https://news.ycombinator.com/item?id=20284883, I just found out about the fact Qualys SSL Labs will be deprecating the CBC algorithms, supposedly starting in April of 2019 (see https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities).
Is it time for testssl.sh to do the same?
I searched for what appear to be relevant issues that had previously been opened on this subject, and didn't find anything obvious. If I've missed something, please let me know. Thanks!
At a certain point it'll be labeled accordingly, yes. (I prefer not to use the word deprecate here as testssl.sh is not e.g. a RFC). Some of the predecessors of newer problems with CBC ciphers are labeling those ciphers already. But this is not the right place, probably it'll be a test in standard ciphers.