> - Do you think any use for supporting some kind of alias for families of > cipher in SSL_set_ciphersuites, like for example "TLSv1.3"
Suppose someone finds out that chacha/poly is insecure and the IETF issues a new RFC that says "TLS 1.3 MUST NOT use" that cipher. Should the openssl alias change? It can be wordy, but explicitly listing ciphers and not using aliases (HIGH EXPORT etc) is really better. As for ease of use, just don't allow the ciphers to be configured.
