On Mon, Jun 30, 2014, Tomas Mraz wrote:

> On Po, 2014-06-30 at 15:19 +0200, Dr. Stephen Henson wrote:
> > On Mon, Jun 30, 2014, Hubert Kario wrote:
> >
> > > As far as misconfigured servers go, single DES and export grade ciphers
> > > are much, much more common problem at 20% and 15% respectively.
> >
> > The security levels code also addresses that. By default any ciphersuite
> > offering below 80 bits of equivalent security is disabled along with SSLv2.
> > That includes single DES and all export ciphersuites. It's also not
> > something which can be reenabled by accident either. Even if a cipher list
> > is set to ALL those still get disabled: the only way to reenable them is
> > to set the security level to zero as well.
> >
> > Support is unfortunately only in master at present though.
>
> Would it be possible to get it to 1.0.2? Or is that already closed for
> enhancements? Or does it break ABI compatibility?
>

The ABI is compliant. I'd love to get it into 1.0.2 but since it's in a code
freeze and in beta no new features are permitted. The changes to add security
levels are rather significant and not very well tested yet.

They will be in OpenSSL 1.0.3 which will be released much sooner than previous
feature releases.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
