> Master has "security levels", which still need some work, but are a less crude > mechanism for such tweaks. Disabling RC4 at security level 2 or some such, is > better than incompatibly reclassifying it as "LOW". We can discuss the > details > later.
That should probably also be done. But things like HIGH LOW, etc are point-in-time statements and raising the bar so that existing applications just get more secure without having to change anything is also worth doing. -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org