What is the "correct" way to limit cipher suite strength, as in get rid of "weak" ciphers? I am contemplating building an openssl version with no support for export ciphers, and no support for SSLv2 cipher suites. I tried the config args of "no-ssl2" and "no-export", and got half the intended result. The SSLv2 suites are gone, but the export strength remains.
So, what's the right way to do this? Thanks, rnd
