[openssl-dev] [openssl-users] Proposed cipher changes for post-1.0.2

Salz, Rich rsalz at akamai.com
Wed Feb 11 15:46:54 UTC 2015


> I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it
> explicilty in DEFAULT) is a good one that maintains important backward
> compatibility while providing the desired removal of RC4 by default. There's
> no advantage to moving RC4 to LOW.

Sure there is:  it's an accurate description of the quality of protection provided by the algorithm. :)

It's also compatible with our documentation, which as was pointed out, always uses the word "currently" to describe the magic keywords.

And it's also planned for the next version which won't be available until near the end of the year.

And it's also compliant with the expected publication of the IETF RFC's that talk about TLS configuration and attacks.

Postfix can work lay the groundwork to be future-compliant by changing its default configuration to be HIGH:MEDIUM:RC4.



More information about the openssl-dev mailing list