[openssl-users] no-weak-ssl-ciphers and OPENSSL_NO_WEAK_SSL_CIPHERS?

Viktor Dukhovni openssl-users at dukhovni.org
Mon Mar 7 00:38:27 UTC 2016


> On Mar 6, 2016, at 7:13 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> 
> 
>> On Mar 6, 2016, at 7:04 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> 
>> So my question is, does OPENSSL_NO_WEAK_SSL_CIPHERS do anything more
>> than remove RC4?
> 
> In master, at present, that's it.  This may change.

The only remaining use of MD5 I could find was:

  NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5 

which is a NULL cipher, so you're not getting much security anyway,
but perhaps users of this still want strong data integrity, so we
could easily add this cipher to the 'weak' list...

-- 
	Viktor.



More information about the openssl-users mailing list