[openssl-dev] Proposed cipher changes for post-1.0.2
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Feb 11 06:50:07 UTC 2015
On Tue 2015-02-10 19:22:44 -0500, Salz, Rich wrote:
>> currently, this is an error:
>>
>> 0 dkg at alice:~$ openssl ciphers -v ALL:!NO-SUCH-CIPHER
>> bash: !NO-SUCH-CIPHER: event not found
>> 0 dkg at alice:~$
>
> Yeah, but that's coming from bash, not openssl :)
> ; openssl ciphers -v ALL | wc
> 111 675 8403
> ; openssl ciphers -v ALL:!FOOBAR | wc
> 111 675 8403
d'oh! of course, thanks. <headdesks>
> RC4 in LOW has a bit of pushback so far. My cover for it is that the IETF says "don't use it." So I think saying "if you want it, say so" is the way to go.
I think that's the correct position. People who want to be able to
negotiate a deprecated cipher should need to explicitly state that
that's their intent.
--dkg
More information about the openssl-dev
mailing list