Hi all,

Working with Apache mod_ssl and different versions of OpenSSL, I've realized that since version 0.9.8c, the ciphersuites called "rogue" have been disabled. I've read the changelog but I can't understand the reason.

I'm interested in using a 56-bit cipher algorithm between my Apache server and the client, because the latter is a small device with not much processor power, so it can't support a 128-bit cipher, but it can use a 40 or 56 bit cipher. As far as I know, a 56 bit cipher is far more difficult to break than a 40 bit one (actually not very difficult to break, I think), so I'd prefer to use a 56 bit cipher.

Could anybody explain to me the reason for disabling 56-bit ciphers in OpenSSL? Does anybody know how I could use a 56-bit cipher with a recent version of OpenSSL? I've read something about using the TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES directive when configuring and installing OpenSSL, but I would like to know why it has this name "EXPERIMENTAL"; it doesn't make me feel very sure...

Thanks in advance. (If you think this is not the appropriate mailing list, please let me know.)

Sergio Bello