On Tue, Sep 09, 2014 at 08:13:40AM -0400, Salz, Rich wrote:
> > Please consider also adding !SSLv3 and !RC4 to this list.
>
> My plan is to move RC4 and MD5 to LOW; see RT3518.
Moving RC4 to "LOW" is also premature. It is already at the bottom
of the medium cipherlist, that should be enough.
Opportunistic security is degraded when TLS handshakes fail, and
applications resort to cleartext. Instead of additional security
such changes often lead to reduced security.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
