[openssl-users] no-weak-ssl-ciphers and OPENSSL_NO_WEAK_SSL_CIPHERS?
openssl-users at dukhovni.org
Mon Mar 7 00:38:27 UTC 2016
> On Mar 6, 2016, at 7:13 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>> On Mar 6, 2016, at 7:04 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> So my question is, does OPENSSL_NO_WEAK_SSL_CIPHERS do anything more
>> than remove RC4?
> In master, at present, that's it. This may change.
The only remaining use of MD5 I could find was:
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
which is a NULL cipher, so you're not getting much security anyway,
but perhaps users of this still want strong data integrity, so we
could easily add this cipher to the 'weak' list...
More information about the openssl-users