On Mon, Jun 30, 2014, Hubert Kario wrote:

> As far as misconfigured servers go, single DES and export grade ciphers
> are much, much more common problem at 20% and 15% respectively.

The security levels code also addresses that. By default any ciphersuite
offering below 80 bits of equivalent security is disabled along with SSLv2.
That includes single DES and all export ciphersuites.

It's also not something which can be reenabled by accident either. Even if a
cipher list is set to ALL those still get disabled: the only way to reenable
them is to set the security level to zero as well.

Support is unfortunately only in master at present though.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
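
A way to check the behaviour described in the message above on a given build, added here as an example and not part of the original thread or OpenSSL's own code. It assumes an `openssl` CLI from release 1.1.0 or later, where `openssl ciphers -s` and the `@SECLEVEL=n` cipher-string keyword are available; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Audit helper: which suites below 80 bits does "ALL" still offer at a
# given security level?

# Constructed sample in the format printed by `openssl ciphers -v`.
SAMPLE='EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1'

# Read a `ciphers -v` listing on stdin; print "NAME Enc=ALG(bits)" for
# every suite whose symmetric key is shorter than 80 bits.
weak_from_listing() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^Enc=/) {
                bits = $i
                sub(/^.*\(/, "", bits)   # drop everything up to "("
                sub(/\).*$/, "", bits)   # drop ")" and anything after
                if (bits + 0 < 80) print $1, $i
            }
    }'
}

# list_weak LEVEL: expand "ALL" at the given security level, keep only the
# suites the library would really offer (-s), and report the weak ones.
# Returns 2 if the openssl binary is missing or rejects the cipher string.
list_weak() {
    listing=$(openssl ciphers -s -v "ALL:@SECLEVEL=$1" 2>/dev/null) || return 2
    printf '%s\n' "$listing" | weak_from_listing
}

# Compare level 0 (weak suites allowed again) with level 1.
for lvl in 0 1; do
    echo "ALL at security level $lvl, suites under 80 bits:"
    list_weak "$lvl" || echo "  (openssl missing or no @SECLEVEL support)"
done
```

Level 1 should report nothing. Level 0 may also report nothing on builds where single DES and export suites are not compiled in at all.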