Seconding Uri and Todd's views... On Feb 12, 2016, at 3:36 PM, Todd Short <[email protected]> wrote: >So, if it’s “mandatory”, then it should be in the default set of > ciphers, not necessarily the “HIGH” set. > > I’m selecting “HIGH” because I want 128-bit+ ciphers, not a cipher > that that has subsequently found to be weaker than previously > thought.
I have to agree. The docs on 'cipher' in no way convey that HIGH has any correlation to MTI (http://tools.ietf.org/html/rfc5246#section-9). My interpretation of the I IN MTI to mean "Implement" (an implementation detail necessary to meet the spec), but per the docs "HIGH" seems to indicate a choice of strength desired when running the software and therefore these seem a bit orthogonal. Is there no hope in softening that stance? Phil -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
