[openssl-commits] [web] master update

Rich Salz rsalz at openssl.org
Tue Jan 2 15:27:03 UTC 2018

The branch master has been updated
       via  db6d2f57505d4d242e35ec109a701e9be91e0d8e (commit)
      from  40b0bf748f8105aff3e240eb2036d67ed3fdf9b8 (commit)

- Log -----------------------------------------------------------------
commit db6d2f57505d4d242e35ec109a701e9be91e0d8e
Author: nickthetait <nicholas.tait at ieee.org>
Date:   Tue Jan 2 16:09:50 2018 -0700

    Create FAQ entry for enabling weak ciphers
    Fixes #18
    (Merged from https://github.com/openssl/web/pull/36)


Summary of changes:
 docs/faq-4-build.txt | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/faq-4-build.txt b/docs/faq-4-build.txt
index e60d788..55f7e85 100644
--- a/docs/faq-4-build.txt
+++ b/docs/faq-4-build.txt
@@ -170,3 +170,19 @@ at @@@https://www.openssl.org/community/omc.html@@@.
 Note that bugs only present in the openssl utility are not in general
 considered to be security issues.
+* How do I enable weak ciphers?
+Warning: known-insecure ciphers are disabled in newer releases of OpenSSL.
+There is good reason why these have been disabled by default. Consider upgrading
+to more robust options as these ciphers may only provide a facade of security.
+This option is not recommended for anyone other than maintainers of legacy
+You must set the weak ciphers flag and override the default SECLEVEL with:
+    ./config enable-weak-ssl-ciphers -DOPENSSL_TLS_SECURITY_LEVEL=0
+Then follow compilation/install procedure like normal...

More information about the openssl-commits mailing list