Message150021
> with your latest proposal 'HIGH:!aNULL:!eNULL:!SSLv2' :
> - MD5 was disabled
> - IDEA was disabled
> - SEED was disabled
That was the consequence of it, but that wasn't an explicit goal.
> Generally speaking, as a concept to define a default we could:
> - Start from a FIPS-140 compliant SSL stack
> - Open some additional ciphers for compatibility reason (for example
> RC4-SHA)
>
> What do you think about such approach?
As I already said, the more sophisticated the approach, the more tedious
the maintenance. |
|
Date |
User |
Action |
Args |
2011-12-21 17:26:40 | pitrou | set | recipients:
+ pitrou, gregory.p.smith, jcea, naif |
2011-12-21 17:26:39 | pitrou | link | issue13636 messages |
2011-12-21 17:26:39 | pitrou | create | |
|