[openssl-users] stunnel 5.46 released

Michael Wojcik Michael.Wojcik at microfocus.com
Thu May 31 12:09:47 UTC 2018


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Thursday, May 31, 2018 03:40
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] stunnel 5.46 released
>
>
> > On May 31, 2018, at 3:27 AM, Michał Trojnara
> <Michal.Trojnara at stunnel.org> wrote:
> >
> > AFAIR EC cipher suites were introduced in OpenSSL 1.0.0, so those LTS
> > systems must be using OpenSSL 0.9.x.
>
> Actually, no.  For IP-related reasons, RedHat for a long time
> disabled EC support in OpenSSL 1.0.x.  I expect some of those
> systems are still deployed.

As do some other products that use OpenSSL. There's a great deal of FUD regarding ECC.

For the record, I'm with Viktor on this. WeakDH does not justify disabling finite-field DHE entirely; that's a misinterpretation of the WeakDH discovery. There's no advantage to having !DH in the default cipher string.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



