On Mon, Jun 03, 2013 at 07:25:24AM -0400, John Foley wrote:
> Rather than dropping it from the list, another option would be to
> re-prioritize the list. Given MD5 is weak, it should be at the end of
> the ClientHello signature algorithms extensions. This would facilitate
> backwards compatibilit
On Mon, Jun 03, 2013 at 07:25:24AM -0400, John Foley wrote:
> Rather than dropping it from the list, another option would be to
> re-prioritize the list. Given MD5 is weak, it should be at the end of
> the ClientHello signature algorithms extensions. This would facilitate
> backwards compatibilit
Way cool!
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Dr. Stephen Henson
Sent: Monday, June 03, 2013 9:08 AM
To: openssl-dev@openssl.org
Cc: k...@roeckx.be
Su
On Mon, Jun 03, 2013, Salz, Rich wrote:
> It's a general problem; what if the client list contains stronger ciphers but
> they appear after the weaker ones?
>
> We modified code so that the server side can have its own ordered list, and
> it will search through that list from what the client of
It's a general problem; what if the client list contains stronger ciphers but
they appear after the weaker ones?
We modified code so that the server side can have its own ordered list, and it
will search through that list from what the client offers.
If I can get the patches released, is there
Rather than dropping it from the list, another option would be to
re-prioritize the list. Given MD5 is weak, it should be at the end of
the ClientHello signature algorithms extensions. This would facilitate
backwards compatibility, while improving the security posture when
communicating with peer
Rather than dropping it from the list, another option would be to
re-prioritize the list. Given MD5 is weak, it should be at the end of
the ClientHello signature algorithms extensions. This would facilitate
backwards compatibility, while improving the security posture when
communicating with peer