> On Feb 12, 2016, at 6:55 PM, Richard Moore <richmoor...@gmail.com> wrote: > > ​Personally I think the fact that HIGH includes ciphersuites that offer no > MITM protection means that those who trust it have already been totally > betrayed.
The correct way to use high-grade ciphers is. "DEFAULT:!EXPORT:!LOW:!MEDIUM" The various individual cipherlist building blocks are properly orthogonal, and HIGH/MEDIUM/LOW/EXPORT covers only the symmetric algorithm strength. One can also use it safely via constructs such as "HIGH:!aNULL:!aDSS:!kRSA" (if say one also wants to disable DSA and RSA key transport). -- -- Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev