On 06/11/18 15:14, Tomas Mraz wrote:
>> Okay, so IIUC now, this is an all-or-nothing kind of change. If I
>> elect/need to use LEGACY to administer some old hardware that I cannot
>> otherwise connect to using the defaults, then I'm compromising that
>> host's security for anything/everything it's used for until it's taken
>> back off LEGACY and returned to whatever the non-LEGACY is called.
>> Do I have it right now?
> Yes, except one thing. Just by switching to LEGACY it does not mean
> you're compromising the host's security. The protocol negotiation and
> ciphersuite ordering still apply, and it will use the best available
> protocol and ciphersuite and not some random insecure protocol version
> and ciphersuite. The insecure protocols and ciphersuites will be used
> only in the case the other end does not know anything better.
Could switching to LEGACY allow some man-in-the-middle downgrade
attacks, in which an attacker manipulates the initial phases of the
handshake and tricks the parties into using a weaker protocol?
Kai
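To make the two points in this exchange concrete (a wider policy still negotiates the highest mutual version, and TLS 1.3 carries a built-in signal that lets a client notice when a lower version was negotiated despite both ends speaking 1.3), here is a small simulation I added; it is not code from the thread or from the crypto-policies project. The version sets `DEFAULT_POLICY` and `LEGACY_POLICY`, the helper names and the `offered_on_wire` parameter are my own constructions; the sentinel bytes are the ones RFC 8446 section 4.1.3 specifies for ServerHello.random.

```python
# Added example: simulated TLS version negotiation plus the RFC 8446 downgrade
# sentinel. Policy sets and helper names are constructed for illustration.
import os

TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304
NAMES = {TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2", TLS13: "TLS 1.3"}

# RFC 8446 4.1.3: a server that implements TLS 1.3 but ends up negotiating a
# lower version puts one of these values in the last 8 bytes of ServerHello.random.
DOWNGRADE_TLS12 = bytes.fromhex("444F574E47524401")
DOWNGRADE_TLS11_OR_BELOW = bytes.fromhex("444F574E47524400")

# Constructed stand-ins for a default-like and a LEGACY-like policy.
DEFAULT_POLICY = {TLS12, TLS13}
LEGACY_POLICY = {TLS10, TLS11, TLS12, TLS13}


def negotiate(client_offered, server_enabled):
    """Server side: choose the highest version both ends enable, or None."""
    common = set(client_offered) & set(server_enabled)
    return max(common) if common else None


def server_hello_random(negotiated, server_enabled):
    """Build ServerHello.random, adding the sentinel when the server could have
    done TLS 1.3 but is about to use something lower."""
    rnd = bytearray(os.urandom(32))
    if TLS13 in server_enabled and negotiated < TLS13:
        rnd[24:] = DOWNGRADE_TLS12 if negotiated == TLS12 else DOWNGRADE_TLS11_OR_BELOW
    return bytes(rnd)


def client_accepts(server_random, negotiated, client_enabled):
    """Client side: a TLS 1.3-capable client that is offered a lower version
    must abort if the sentinel is present, because it proves the server also
    speaks 1.3 and the offered version list did not arrive intact."""
    if TLS13 in client_enabled and negotiated < TLS13:
        if server_random[24:] in (DOWNGRADE_TLS12, DOWNGRADE_TLS11_OR_BELOW):
            return False
    return True


def handshake(client_enabled, server_enabled, offered_on_wire=None):
    """Run one simulated negotiation. offered_on_wire (hypothetical parameter)
    models a ClientHello whose version list differs from what the client sent."""
    offered = client_enabled if offered_on_wire is None else offered_on_wire
    negotiated = negotiate(offered, server_enabled)
    if negotiated is None:
        return {"negotiated": None, "accepted": False}
    rnd = server_hello_random(negotiated, server_enabled)
    return {"negotiated": negotiated,
            "accepted": client_accepts(rnd, negotiated, client_enabled)}


if __name__ == "__main__":
    # LEGACY on both ends still lands on TLS 1.3.
    r = handshake(LEGACY_POLICY, LEGACY_POLICY)
    print("LEGACY<->LEGACY:", NAMES[r["negotiated"]], "accepted" if r["accepted"] else "aborted")
    # Old hardware that only speaks TLS 1.0: LEGACY connects, DEFAULT cannot.
    print("LEGACY->TLS1.0-only:", handshake(LEGACY_POLICY, {TLS10}))
    print("DEFAULT->TLS1.0-only:", handshake(DEFAULT_POLICY, {TLS10}))
    # Version list altered in transit between two 1.3-capable ends: sentinel fires.
    r = handshake(LEGACY_POLICY, LEGACY_POLICY, offered_on_wire={TLS10, TLS11, TLS12})
    print("tampered list, both 1.3-capable:", NAMES[r["negotiated"]], "accepted" if r["accepted"] else "aborted")
```

The last case shows where the protection stops: the sentinel is only written by a server that itself implements TLS 1.3, so against a peer that genuinely tops out at an older version (the "old hardware" case that motivates LEGACY in the first place) the client has nothing to check, and the safeguard for that session is whatever the older protocol and ciphersuite provide on their own.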