On Thu, May 01, 2014 at 12:35:52PM +0100, Rob Stradling wrote:
> Steve, have you considered trimming the DEFAULT cipher list?
This would be a *major* incompatibility. The master branch has
security levels, which are a step in the right direction.
It is perhaps safe to drop EXPORT, LOW and MD5, and not much else.
> It's currently...
> #define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
>
> I wonder how many of these ciphers are actually ever negotiated in
> real-world use.
There are a lot of "real-world" uses that we don't know about.
The world is not just HTTPS.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
