Josh MacDonald wrote:
>
> In order to use a null encryption cipher I have to supply a special
> CPP flag (SSL_ALLOW_ENULL) when I *compile* it. This makes it difficult
> to write an application which uses NULL encryption, and there is no way
> for the programmer to re-enable NULL filters. If you insist on this
> somewhat questionable feature, then at least there should be a way to
> enable them with the API, but I recommend removing NULL filters from
> the mask used to initialize the cipher list. At least someone should
> be able to justify this.
I agree. The TLS spec, at least, only forbids the completely NULL
ciphersuite (TLS_NULL_WITH_NULL_NULL), so to be conformant we should
allow them. I'm going to reverse the flag (SSL_FORBID_ENULL) for those
who want back compatibility.
But ... why do you want to use them?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
