[openssl-commits] [web] master update
Rich Salz
rsalz at openssl.org
Tue Jan 2 15:27:03 UTC 2018
The branch master has been updated
via db6d2f57505d4d242e35ec109a701e9be91e0d8e (commit)
from 40b0bf748f8105aff3e240eb2036d67ed3fdf9b8 (commit)
- Log -----------------------------------------------------------------
commit db6d2f57505d4d242e35ec109a701e9be91e0d8e
Author: nickthetait <nicholas.tait at ieee.org>
Date: Tue Jan 2 16:09:50 2018 -0700
Create FAQ entry for enabling weak ciphers
Fixes #18
(Merged from https://github.com/openssl/web/pull/36)
-----------------------------------------------------------------------
Summary of changes:
docs/faq-4-build.txt | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/docs/faq-4-build.txt b/docs/faq-4-build.txt
index e60d788..55f7e85 100644
--- a/docs/faq-4-build.txt
+++ b/docs/faq-4-build.txt
@@ -170,3 +170,19 @@ at @@@https://www.openssl.org/community/omc.html@@@.
Note that bugs only present in the openssl utility are not in general
considered to be security issues.
+
+* How do I enable weak ciphers?
+
+Warning: known-insecure ciphers are disabled in newer releases of OpenSSL.
+There is good reason why these have been disabled by default. Consider upgrading
+to more robust options as these ciphers may only provide a facade of security.
+This option is not recommended for anyone other than maintainers of legacy
+applications.
+
+You must set the weak ciphers flag and override the default SECLEVEL with:
+
+<PRE>
+ ./config enable-weak-ssl-ciphers -DOPENSSL_TLS_SECURITY_LEVEL=0
+</PRE>
+
+Then follow compilation/install procedure like normal...
More information about the openssl-commits
mailing list