oss-sec mailing list archives

Re: openssl default ciphers


From: "Eric H. Christensen" <echriste () redhat com>
Date: Mon, 4 Nov 2013 12:48:30 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Mon, Nov 04, 2013 at 06:16:30PM +0100, Stefan Bühler wrote:
> I don't want to enforce PFS or break compatibility on purpose; so I
> think the default could be a little bit less "secure" than what I would
> actually recommend to use.

What software would we be breaking compatibility with?  Perhaps it would be a good idea to start a list of software that can't handle HIGH ciphers and attempt to work with those developers to "fix" the problem.

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security Team

sparks () redhat com - sparks () fedoraproject org
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

-----END PGP SIGNATURE-----

