> Personally i am willing to put enough trust in the OpenSSL team *even > insofar* as i now do 'set ssl-protocol="ALL,-VULNERABLE"' > and leave the task of deciding what is VULNERABLE up to you.
That is not a responsibility we want. No how, no way. It is enough to be responsible for the code. There are better alternatives, including bettercrypto.org and another proposal from RedHat to have site/distro-specific 'profiles' _______________________________________________ openssl-dev mailing list openssl-dev@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev