Ben Laurie wrote:
> I agree. The TLS spec, at least, only forbids the completely NULL
> ciphersuite (TLS_NULL_WITH_NULL_NULL), so to be conformant we should
> allow them. I'm going to reverse the flag (SSL_FORBID_ENULL) for those
> who want back compatibility.
>
> But ... why do you want to use them?
>
As Josh said, we want authentication, not encryption. We obtained
an export licence for the Globus code. The user obtaines SSLeay on their
own. We don't use encryption, and don't make it any easier for the user
to use the SSLeay encryption.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
