On Wed, Feb 11, 2015 at 03:46:54PM +, Salz, Rich wrote:
> > I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it
> > explicitly in DEFAULT) is a good one that maintains important backward
> > compatibility while providing the desired removal of RC4 by default. There's
> > no ad
> I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it
> explicilty in DEFAULT) is a good one that maintains important backward
> compatibility while providing the desired removal of RC4 by default. There's
> no advantage to moving RC4 to LOW.
Sure there is: it's an accurate descr
On Wed, Feb 11, 2015 at 03:30:57AM +, Salz, Rich wrote:
> > By all means, don't use it, but it is not OpenSSL's choice to make by
> > breaking
> > the meaning of existing interfaces.
>
> Except that we've explicitly stated we're breaking things with this new
> release.
>
> Those magic ciph
