> On Mar 6, 2016, at 7:13 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>
> wrote:
>
>
>> On Mar 6, 2016, at 7:04 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>>
>> So my question is, does OPENSSL_NO_WEAK_SSL_CIPHERS do anything more
>> than remove RC4?
>
> In master, at present, that's it. This may change.
The only remaining use of MD5 I could find was:
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
which is a NULL cipher, so you're not getting much security anyway,
but perhaps users of this still want strong data integrity, so we
could easily add this cipher to the 'weak' list...
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
