> On Feb 12, 2016, at 6:55 PM, Richard Moore <[email protected]> wrote:
>
> ​Personally I think the fact that HIGH includes ciphersuites that offer no
> MITM protection means that those who trust it have already been totally
> betrayed.
The correct way to use high-grade ciphers is.
"DEFAULT:!EXPORT:!LOW:!MEDIUM"
The various individual cipherlist building blocks are properly orthogonal,
and HIGH/MEDIUM/LOW/EXPORT covers only the symmetric algorithm strength.
One can also use it safely via constructs such as "HIGH:!aNULL:!aDSS:!kRSA"
(if say one also wants to disable DSA and RSA key transport).
--
--
Viktor.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
