[openssl-dev] [openssl.org #3627] Enhancement request: add more "Protocol" options for SSL_CONF_CTX

[Salz, Rich via RT]

> Personally i am willing to put enough trust in the OpenSSL team *even
> insofar* as i now do 'set ssl-protocol="ALL,-VULNERABLE"'
> and leave the task of deciding what is VULNERABLE up to you.

That is not a responsibility we want.  No how, no way.  It is enough to be responsible for the code.

There are better alternatives, including bettercrypto.org and another proposal from RedHat to have site/distro-specific 'profiles'