On Mon, 2014-06-30 at 15:19 +0200, Dr. Stephen Henson wrote:
> On Mon, Jun 30, 2014, Hubert Kario wrote:
>
> > As far as misconfigured servers go, single DES and export grade ciphers
> > are a much, much more common problem at 20% and 15% respectively.
>
> The security levels code also addresses that. By default any ciphersuite
> offering below 80 bits of equivalent security is disabled along with SSLv2.
> That includes single DES and all export ciphersuites. It's also not something
> which can be reenabled by accident either. Even if a cipher list is set to ALL
> those still get disabled: the only way to reenable them is to set the security
> level to zero as well.
>
> Support is unfortunately only in master at present though.

Would it be possible to get it to 1.0.2? Or is that already closed for
enhancements? Or does it break ABI compatibility?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
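
An added example, not code from the thread or from OpenSSL: a sketch that audits a cipher listing for the suites the quoted reply says are disabled by default (SSLv2, export suites, and anything under 80 bits). The function names, the `min_bits` parameter and the sample listing are assumptions made for illustration; it reads `openssl ciphers -v`-style text and does not call the library.

```python
import re
from collections import namedtuple

# Constructed sample in the column format of `openssl ciphers -v` on a
# 1.0.x-era build; it is not output quoted in the thread.
SAMPLE = """\
AES128-SHA       SSLv3 Kx=RSA      Au=RSA Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA     SSLv3 Kx=RSA      Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC-SHA      SSLv3 Kx=RSA      Au=RSA Enc=DES(56)   Mac=SHA1
EXP-DES-CBC-SHA  SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5      SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5  export
DES-CBC-MD5      SSLv2 Kx=RSA      Au=RSA Enc=DES(56)   Mac=MD5
"""

Suite = namedtuple("Suite", "name protocol alg bits export")
ENC = re.compile(r"Enc=([^\s(]+)(?:\((\d+)\))?")
EFFECTIVE_BITS = {"3DES": 112}  # OpenSSL rates 3DES at 112 bits, not 168

def parse(text):
    """Yield a Suite for each well-formed line of `openssl ciphers -v` text."""
    for line in text.splitlines():
        fields = line.split()
        enc = ENC.search(line)
        if len(fields) < 6 or not enc:
            continue
        alg, listed = enc.group(1), int(enc.group(2) or 0)  # Enc=None -> 0
        bits = min(listed, EFFECTIVE_BITS.get(alg, listed))
        yield Suite(fields[0], fields[1], alg, bits, "export" in fields[6:])

def audit(text, min_bits=80):
    """Map suite name -> reasons it is filtered; min_bits=0 models level zero."""
    findings = {}
    for s in parse(text):
        reasons = []
        if min_bits > 0:
            if s.protocol == "SSLv2":
                reasons.append("SSLv2")
            if s.export:
                reasons.append("export")
            if s.bits < min_bits:
                reasons.append(f"{s.alg} {s.bits}-bit")
        if reasons:
            findings[s.name] = reasons
    return findings

if __name__ == "__main__":
    for name, why in audit(SAMPLE).items():
        print(f"{name:18} {', '.join(why)}")
```

Feeding it the output of `openssl ciphers -v` for a server's configured cipher string shows which entries would stop working once the default described above applies.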