On Tue, Sep 09, 2014 at 07:04:36PM +0200, Jakob Bohm wrote:
> In addition to removing the very-weak (less than 70 bits security)
> ciphers from the default list, this would be a good opportunity to
> reorder the default list (either via the define, or better via whatever
> internal priorities guide the interpretation of a similar user-provided
> list), to maximize security, similar to what is checked e.g. by the
> online "ssllabs" checker.
>
> Basically: Prefer PFS suites to non-PFS suites (i.e. prefer EDH/ECDH to
> bare RSA) at each nominal security level (256 bits, 192 bits, 128 bits,
> ...)
This is already the case starting 1.0.0.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
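
The ordering rule discussed in this thread (PFS suites ahead of non-PFS suites at each security level) can be checked against a cipher list, as in this added example, which is not part of the original message or of OpenSSL. It assumes input in the layout printed by `openssl ciphers -v`, treats `Kx=DH` and `Kx=ECDH` as the ephemeral (PFS) key exchanges, and uses the key size shown in `Enc=...(N)` as the security level; the sample list and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of `openssl ciphers -v` output.
# The last two lines are deliberately out of order for the demonstration.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# name, protocol, Kx=<key exchange>, Au=<auth>, Enc=<cipher>(<bits>)
LINE = re.compile(r"^(\S+)\s+\S+\s+Kx=(\S+)\s+Au=\S+\s+Enc=[^(\s]+\((\d+)\)")

# Assumption: only ephemeral DH/ECDH count as PFS. Static variants
# (printed as e.g. Kx=ECDH/RSA) and bare RSA do not.
PFS_KX = {"DH", "ECDH"}


def parse(text):
    """Return [(name, is_pfs, bits)] in list order; lines without a key size
    (e.g. Enc=None) are skipped."""
    suites = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            suites.append((m.group(1), m.group(2) in PFS_KX, int(m.group(3))))
    return suites


def pfs_order_violations(suites):
    """Return (pfs_suite, earlier_non_pfs_suite, bits) for every PFS suite
    listed after a non-PFS suite of the same key size."""
    first_non_pfs = {}  # bits -> first non-PFS suite seen at that level
    violations = []
    for name, is_pfs, bits in suites:
        if not is_pfs:
            first_non_pfs.setdefault(bits, name)
        elif bits in first_non_pfs:
            violations.append((name, first_non_pfs[bits], bits))
    return violations


if __name__ == "__main__":
    for pfs, non_pfs, bits in pfs_order_violations(parse(SAMPLE)):
        print(f"{bits}-bit level: {pfs} is listed after non-PFS {non_pfs}")
```
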