[openssl-users] [openssl-dev] Proposed cipher changes for post-1.0.2
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Feb 11 07:13:46 UTC 2015
On Wed, Feb 11, 2015 at 01:50:07AM -0500, Daniel Kahn Gillmor wrote:
> > RC4 in LOW has a bit of pushback so far. My cover for it is that the
> > IETF says "don't use it." So I think saying "if you want it, say so" is
> > the way to go.
>
> I think that's the correct position. People who want to be able to
> negotiate a deprecated cipher should need to explicitly state that
> that's their intent.
I do:
aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
The proposal to now misclassify RC4 as LOW (lumped in with single
DES and similar) needlessly breaks this.
--
Viktor.
More information about the openssl-users
mailing list