[openssl-users] [Question] What are the current secure Configure Parameter?

Oliver Niebuhr googleersatz at oliverniebuhr.de
Mon Mar 14 19:03:05 UTC 2016


On 10.03.2016 at 14:49, Wall, Stephen wrote:
> 
>> -----Original Message-----
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Oliver Niebuhr
>>
>> The Qt Wiki says, the following Parameters are minimum recommended:
>> no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5
>>
>> My Questions are:
>> 1.) Are there any other Parameters that should be used?
> 
> I also add no-comp -DOPENSSL_NO_HEARTBEAT no-md2.
> 
> no-md2 might be a default.
> 
> Check Configure Options at https://wiki.openssl.org/index.php/Compilation_and_Installation for some other things you might not need, like no-srp no-psk no-dtls no-npn no-krb5 etc.  If this is a dedicated library for your application, I suggest you disable all features and ciphers you won't be using, for example, no-bf no-sha1 no-md5 no-seed etc....
> 
> If you control both ends, you could even distill it down to a single protocol cipher suite, like ECDHE-ECDSA-AES128-GCM-SHA256 with TLS1.2.
> 
Thanks. I will take a look at it.

Oliver
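
One way to confirm that the `no-<feature>` options discussed in this thread took effect in a build, as an added example that is not part of the original messages or of OpenSSL itself: Configure records each such option as an `OPENSSL_NO_<FEATURE>` define in the generated `opensslconf.h`, so the header can be checked after configuring. The function names, the script name and the sample header are assumptions made for illustration; compiler flags passed with `-D` are not covered.

```shell
#!/bin/sh
# Added example: confirm that Configure "no-<feature>" options ended up as
# OPENSSL_NO_<FEATURE> defines in the generated opensslconf.h.

# Map a Configure option such as "no-ssl3" to the macro "OPENSSL_NO_SSL3".
option_to_macro() {
    printf '%s\n' "$1" | sed -e 's/^no-/OPENSSL_NO_/' | tr 'a-z-' 'A-Z_'
}

# Print the options in "$2..." whose macro is not defined in header "$1".
# Exit status is 0 only when every option is reflected in the header.
missing_options() {
    header=$1; shift
    missing=""
    for opt in "$@"; do
        macro=$(option_to_macro "$opt")
        # Accept "#define X" and "# define X"; require X to be the whole name.
        if ! grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${macro}([[:space:]]|\$)" "$header"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample header (hypothetical, not a real opensslconf.h):
# five of the thread's options are present, no-rc5 and no-md2 are not.
# The last define is a constructed near-miss that must not count as RC5.
write_sample_header() {
    cat > "$1" <<'EOF'
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
#ifndef OPENSSL_NO_SSL3
# define OPENSSL_NO_SSL3
#endif
#define OPENSSL_NO_IDEA
#define OPENSSL_NO_MDC2
#define OPENSSL_NO_COMP
#define OPENSSL_NO_RC5_PLACEHOLDER
EOF
}

# Usage: sh check_conf.sh /path/to/opensslconf.h no-ssl2 no-ssl3 ...
if [ "$#" -ge 2 ]; then
    missing_options "$@"
fi
```

The location of `opensslconf.h` depends on the OpenSSL version and install prefix, so pass the path from the build or install tree being audited.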
