[openssl-users] explicitly including other ciphers.

Jacob Champion champion.p at gmail.com
Thu Dec 3 22:32:58 UTC 2015

On 12/03/2015 01:50 PM, Richard Moore wrote:
> ​If network is fully isolated you could use plain text. Using 'https'
> and null encryption is basically just pretending to do security.

I've never done any work with the eNULL ciphers, so please correct me if 
I'm wrong, but wouldn't they still prevent active tampering with the 
HTTPS communication?

(I understand your point; most web applications today require 
confidentiality to be secure, since sniffing cookies and passwords will 
give you access to the system, but maybe the OP has a use case that 
doesn't require it.)


More information about the openssl-users mailing list