Viktor gave some excellent advice. I'd tweak it by removing 'export' as
something to support. And perhaps use weak, good, strong -- whatever, keep the
number of choices very small. I'd suggest to not use "default" since folks will
get upset if it changes. They are more accepting if the definition of 'strong
cipher' changes with time. It's curious, but it's the way humans seem to work.
The openssl cipher spec is pretty darn subtle and it is far too easy to get
wrong.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
