On Thu, Jan 22, 2009 at 08:51:20PM -0500, Dave Thompson wrote:
> Except as noted above, this sounds reasonable. I assume you realize
> that ALL includes, and could possibly negotiate, some weak ciphers;
> but since you're explicitly adding eNULL you apparently don't care.
> It certainly should be able to negotiate SOMETHING.
Also, before 0.9.9, ALL may not be properly ordered by default, it
really is safer to use:
a...@strength
if one wants to use aNULL ciphers whenever mutually acceptable (i.e.
nobody is checking certificates anyway), then:
aNULL:ALL:@STRENGTH
is needed to put the aNULL (aka ADH) ciphers first (within each bit
strength category).
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
