[openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2

Viktor Dukhovni openssl-users at dukhovni.org
Wed Feb 11 02:00:50 UTC 2015

On Wed, Feb 11, 2015 at 12:22:44AM +0000, Salz, Rich wrote:

> RC4 in LOW has a bit of pushback so far.  My cover for it is that
> the IETF says "don't use it."  So I think saying "if you want it,
> say so" is the way to go.

By all means, don't use it, but it is not OpenSSL's choice to make
by breaking the meaning of existing interfaces.

If you put RC4 in LOW, one can no longer exclude LOW ciphers if
one still needs RC4.  Nobody uses single-DES, but enough peers
still use (only) RC4 to make disabling of RC4 a choice best made
by applications.


More information about the openssl-users mailing list