[openssl-users] no-weak-ssl-ciphers and OPENSSL_NO_WEAK_SSL_CIPHERS?

Viktor Dukhovni openssl-users at dukhovni.org
Mon Mar 7 00:38:27 UTC 2016

> On Mar 6, 2016, at 7:13 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>> On Mar 6, 2016, at 7:04 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> So my question is, does OPENSSL_NO_WEAK_SSL_CIPHERS do anything more
>> than remove RC4?
> In master, at present, that's it.  This may change.

The only remaining use of MD5 I could find was:

  NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5 

which is a NULL cipher, so you're not getting much security anyway,
but perhaps users of this still want strong data integrity, so we
could easily add this cipher to the 'weak' list...


More information about the openssl-users mailing list