On Tuesday 10 February 2015 21:46:46 Viktor Dukhovni wrote: > On Tue, Feb 10, 2015 at 09:15:36PM +0000, Salz, Rich wrote: > > I would like to make the following changes in the cipher specs, in the > > master branch, which is planned for the next release after 1.0.2 > > > > Anything that uses RC4 or MD5 what was in MEDIUM is now moved to LOW > > Note, that RC4 is already the only commonly used cipher-suite in MEDIUM. > > Changing the definitions of EXPOR, LOW, MEDIUM introduces significant > compatibility issues for opportunistic TLS (e.g. Postfix) where > RC4 is still required for interop and is better than cleartext.
Opportunistic TLS is a-typical use of TLS. One that is vulnerable to trivial MitM attacks by the very definition. Using "ALL", possibly "ALL:!aNULL", instead of "DEFAULT" doesn't make it much less secure. -- Regards, Hubert Kario _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev