+1 Also, I would like to add that companies and some "security" appliances vendors really fail to understand the different ciphers properties (especially outside the web world).
Therefore, IMHO, providing a more fool-proof configuration (e.g. a strict definition of HIGH and disabling the rest by default) is something I would really welcome and recommend for future releases. Cheers, Max > On Feb 12, 2016, at 9:29 PM, Salz, Rich <rs...@akamai.com> wrote: > > >> Well, it would be a major compatibility break for 1.0.2 and earlier, so no go >> there. As for 1.1.0, folks > > Or those who trust us to say what HIGH means should, well, not be lied to. > > Something must be changed for 1.1 Either 3DES moves out of HIGH or the > definition of HIGH as documented in the manpage must change. > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
