> On Jan 25, 2016, at 11:36 AM, Michel <michel.sa...@free.fr> wrote:
>
> Thank you very much for your answer Viktor !
> It works, using :
> openssl s_server -nocert -cipher "ALL:@STRENGTH:@SECLEVEL=0"
> openssl s_client -cipher "ALL:@STRENGTH:@SECLEVEL=0"
> I was able to handshake a "AECDH-AES256-SHA" cipher.
> :-)
> I will try to investigate deeper around the SECLEVEL=... keyword that I
> completely missed.
It is a very new feature and easy to miss amidst all other other new
features. I am currently working on fixing some corner cases in this
very code, so this is a good time to discuss whether @SECLEVEL should
have any bearing on aNULL support. My instinct is that it should not,
and I'm going to submit code that allows one to set a floor on the
various crypto primitives allowed even for aNULL connections (which
may be authenticated by other means).
--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
