Package: apf Severity: serious Tags: security Hi,
Looking at your package I saw this:
if (SSL_CTX_set_cipher_list(ctx, "ALL:@STRENGTH") == 0) {
This enabled all ciphersuites, including those that don't provide
any authentication or encryption. This is ussually not what you
want. You probably want the defaults instead.
Kurt

