I noticed a new option no-weak-ssl-ciphers. It defines
OPENSSL_NO_WEAK_SSL_CIPHERS.

From a grep it looks like OPENSSL_NO_WEAK_SSL_CIPHERS is used by
s3_lib.c. Inspecting the hits, it appears the define disables cipher
suites with RC4.

I also noticed there is some use of MD5 which is not guarded by
OPENSSL_NO_WEAK_SSL_CIPHERS. I mention it because of the browser's
Obsolete Cryptography warning
(http://security.stackexchange.com/q/83831 and
https://codereview.chromium.org/703143003).

So my question is, does OPENSSL_NO_WEAK_SSL_CIPHERS do anything more
than remove RC4?
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
