Re: [openssl-users] Re-enable 3DES on NGINX + OpenSSL 1.1.1

3DES is considered to only be 112 bits in strength. The default security level is 1 (which allows most things), perhaps nginx resets the security level to 3 or greater (which means a minimum of 128-bit ciphers). -- -Todd Short // tsh...@akamai.com // "One if by land, tw

Re: [openssl-users] QNX 6.5 OpenSSL Build

You can add the "no-dso" option to the command line to avoid this feature, but you lose access to loading engines. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Sep 16, 2018, at 1:04 PM, Viktor Dukhovni mailto:opens

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

>The users who delay or block automatic updates tend to greatly overlap with the users who actively block remote telemetry of their update habits, thus skewing such statistics of "get almost full coverage within a month or two". But not downloads. :) Shrug. -- openssl-users ma

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

On 18/09/2018 19:11, Salz, Rich via openssl-users wrote: My point was about the likelihood of last-draft browsers lingering on in the real world for some time (like 1 to 3 years) after the TLS1.3-final browser versions ship. I do not think this is a concern. Chrome and FF auto-up