I would like to make the following changes in the cipher specs, in the master
branch, which is planned for the next release after 1.0.2
Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW
Anything that was 40-bit encryption is removed:
/* Cipher 03 "EXP-RC4-MD5" removed */
/* Cipher 06 "EXP-RC2-CBC-MD5" removed */
/* Cipher 08 "EXP-DES-CBC-SHA" removed */
/* Cipher 0B "EXP-DH-DSS-DES-CBC-SHA" removed */
/* Cipher 0E "EXP-DH-RSA-DES-CBC-SHA" removed */
/* Cipher 11 "EXP-DHE-DSS-DES-CBC-SHA" removed */
/* Cipher 14 "EXP-DHE-RSA-DES-CBC-SHA" removed */
/* Cipher 17 "EXP-ADH-RC4-MD5" removed */
/* Cipher 19 "EXP-ADH-DES-CBC-SHA" removed */
/* Cipher 26 "EXP-KRB5-DES-CBC-SHA" removed */
/* Cipher 27 "EXP-KRB5-RC2-CBC-SHA" removed */
/* Cipher 28 "EXP-KRB5-RC4-SHA" removed */
/* Cipher 29 "EXP-KRB5-DES-CBC-MD5" removed */
/* Cipher 2A "EXP-KRB5-RC2-CBC-MD5" removed */
/* Cipher 2B "EXP-KRB5-RC4-MD5" removed */
The value of DEFAULT changes to this:
ALL:!LOW:!EXPORT:!aNULL:!eNULL
The combination of the first and last changes means that anyone who wants or
needs to use, say RC4 must explicitly say so.
Comments?
--
Principal Security Engineer, Akamai Technologies
IM: [email protected]<mailto:[email protected]> Twitter: RichSalz
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
