The branch master has been updated via ea3e33718a7158c159b9cc385015ed975e40bb8f (commit) from e2ddd31429c929b348a986ca8aca415b5b889aa5 (commit)
- Log ----------------------------------------------------------------- commit ea3e33718a7158c159b9cc385015ed975e40bb8f Author: Benjamin Kaduk <bka...@akamai.com> Date: Wed Sep 6 15:49:10 2017 -0500 Attempt to add a FAQ about TLS security levels Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/web/pull/23) ----------------------------------------------------------------------- Summary of changes: docs/faq-3-prog.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/faq-3-prog.txt b/docs/faq-3-prog.txt index 45a33ad..8665b0a 100644 --- a/docs/faq-3-prog.txt +++ b/docs/faq-3-prog.txt @@ -142,6 +142,19 @@ Rules (DER): these uniquely specify how a given structure is encoded. Therefore, because DER is a special case of BER, DER is an acceptable encoding for BER. +* I tried to set a cipher list with a valid cipher, but the call fails, why? + +OpenSSL 1.1.0 introduced the concept of a “security level”, allowing +for a configuration to be made more secure by excluding algorithms +and key sizes that are known to be flawed or susceptible to brute force at +a given level of work. SSL_CTX_set_security_level(3) can be used to +programmatically set a security level, or the keyword "@SECLEVEL=N" can +be used in a TLS cipher string, for values of N from 0 to 5 (inclusive). +The default is level 1, which excludes MD5 as the MAC and algorithms +with less than 80 bits of security. A value of 0 can be used, with appropriate +caution, to produce behavior compatible with previous versions of OpenSSL +(to the extent possible), but this is not recommended for general usage. + * I've called <some function> and it fails, why? Before submitting a report or asking in one of the mailing lists, you _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
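Review bot: The added FAQ answer in docs/faq-3-prog.txt never ties back to its question. It explains what a security level is but does not say that a cipher excluded by the active level is the reason the cipher-list call fails, or which call is meant. Consider adding one sentence after the first one stating that link, and telling the reader to check the level in effect before concluding the cipher name is wrong. Two smaller points in the same entry: "SSL_CTX_set_security_level(3)" sits next to "values of N from 0 to 5", so the man-page section number can be misread as a level argument, and a short rewording such as "see SSL_CTX_set_security_level(3)" would avoid that. The typographic quotes around “security level” are also inconsistent with the ASCII quotes used for "@SECLEVEL=N" in the same paragraph of a plain .txt file.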