On Thu, May 01, 2014 at 12:35:52PM +0100, Rob Stradling wrote: > Steve, have you considered trimming the DEFAULT cipher list?
This would be a *major* incompatibility. The master branch has security levels, which are a step in the right direction. It is perhaps safe to drop EXPORT, LOW and MD5, and not much else. > It's currently... > #define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" > > I wonder how many of these ciphers are actually ever negotiated in > real-world use. There are a lot of "real-world" uses that we don't know about. The world is not just HTTPS. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org