[openssl-users] no-weak-ssl-ciphers and OPENSSL_NO_WEAK_SSL_CIPHERS?
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Mar 7 00:38:27 UTC 2016
> On Mar 6, 2016, at 7:13 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>
>
>> On Mar 6, 2016, at 7:04 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>>
>> So my question is, does OPENSSL_NO_WEAK_SSL_CIPHERS do anything more
>> than remove RC4?
>
> In master, at present, that's it. This may change.
The only remaining use of MD5 I could find was:
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
which is a NULL cipher, so you're not getting much security anyway,
but perhaps users of this still want strong data integrity, so we
could easily add this cipher to the 'weak' list...
--
Viktor.
More information about the openssl-users
mailing list