We've been testing clients using OpenSSL against https://howsmyssl.com/a/check and noticed that those using OpenSSL_add_all_algorithms() have insecure export cipher suites included by default. These cipher suites are using keys less than the currently recommended 128-bit keys.
For instance, curl was burned by this: http://sourceforge.net/p/curl/bugs/1323/

I'm not sure if this is a compliance issue or not, but it would be a huge boon to the community to have only secure cipher suites included in client preference lists.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
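The client check described in the message above can be automated. This is an added example, not part of the original post or of OpenSSL: it audits the `given_cipher_suites` list from a howsmyssl.com `/a/check` reply for export-grade and sub-128-bit suites. The sample reply is constructed, and `weak_suites` and `CIPHER_BITS` are hypothetical names.

```python
import json

# Constructed sample shaped like a howsmyssl.com /a/check reply (not a real capture).
SAMPLE_REPLY = json.dumps({
    "given_cipher_suites": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
        "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_RSA_WITH_DES_CBC_SHA",
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    ],
    "tls_version": "TLS 1.2",
})

# Symmetric key length in bits, keyed by the cipher token that follows
# "_WITH_" in the IANA suite name. Only the tokens this example needs.
CIPHER_BITS = [
    ("RC4_40", 40), ("RC2_CBC_40", 40), ("DES40_CBC", 40),
    ("DES_CBC", 56), ("NULL", 0),
    ("RC4_128", 128), ("AES_128", 128), ("AES_256", 256),
]


def weak_suites(reply_json, min_bits=128):
    """Return {suite: reason} for offered suites that are export-grade
    or whose symmetric key is shorter than min_bits."""
    findings = {}
    for suite in json.loads(reply_json).get("given_cipher_suites", []):
        key_exchange, sep, cipher = suite.partition("_WITH_")
        if not sep:
            # Signalling values such as ..._SCSV name no cipher at all.
            continue
        bits = next((b for tok, b in CIPHER_BITS if cipher.startswith(tok)), None)
        if "_EXPORT" in key_exchange:
            findings[suite] = "export-grade"
        elif bits is None:
            findings[suite] = "unknown cipher, review manually"
        elif bits < min_bits:
            findings[suite] = f"{bits}-bit key, below {min_bits}"
    return findings


if __name__ == "__main__":
    for name, reason in weak_suites(SAMPLE_REPLY).items():
        print(f"{name}: {reason}")
```

An OpenSSL client can drop such suites by passing a cipher string that excludes them, for example `DEFAULT:!EXPORT:!LOW`, to `SSL_CTX_set_cipher_list()`.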
