Bodo Moeller wrote:
>
> On Wed, Feb 07, 2001 at 07:15:25PM +0100, [EMAIL PROTECTED] wrote:
>
> > + *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
> > + handle the new API. Currently only ECB, CBC modes supported. Add new
> > + AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites
> > + for TLS" draft-ietf-tls-ciphersuite-03.txt.
> > + [Ben Laurie, Steve Henson]
>
> I'm not sure if it's a good idea to activate these ciphersuites by
> default (i.e., include them in 'ALL') before they are official;
> especially at such a prominent position of the ciphersuite list.
>
Yes OK. There's several ways we could go:
1. Have a #define such as "EXPERIMENTAL_AES_CIPHERSUITES which would go
away when they become official.
2. Remove them from DEFAULT (add -AES or !AES in there) so they only
appear in custom cipher lists, like ADH currently.
3. Remove them from ALL so they need to be added to any existing
cipherlist (like eNULL currently).
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
