On Wed, Dec 21, 2011 at 8:40 AM, Vincent Bernat <[email protected]> wrote: > More important, lighttp uses OpenSSL which is not compatible with TLS > 1.2. Therefore, the above cipher list is the same as: > RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM > > (you can check the output of "openssl ciphers")
Isn't aNULL disabled by default? Same for MD5? Shouldn't this be handled in OpenSSL instead of in every app using OpenSLL? Olaf -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAA7U3HOd2OnXcOFQHy19MWverzfU=FkUSERcBim8QQVPOp=r...@mail.gmail.com
