On Fri, Mar 27, 2009 at 04:41:51PM -0400, Dave Moore wrote:
> I'm trying to understand what the various values in TLS1.h mean for the
> cipher selections.

Try:

    openssl ciphers -v "TLSv1:@STRENGTH"

> Is there any benefit of one over the other?

Don't manually select ciphers. This just reduces interoperability.
For most applications the "DEFAULT" cipherlist is fine, but if you
want to not allow peers to use "EXPORT" and "LOW" grade ciphers, use:

    "DEFAULT:!EXPORT:!LOW"

You should in that case also disable the SSLv2 protocol, and support
just SSLv3 and TLSv1.

--
Viktor.
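
The advice above can be checked on a given build. This is an added example, not part of the original message: it uses Python's `ssl` module (a wrapper around OpenSSL) to apply the `"DEFAULT:!EXPORT:!LOW"` list, switch off SSLv2, and report any export-grade or low-strength suite that is still enabled. The function names and the 64-bit cut-off constant are assumptions made for this illustration.

```python
import ssl

# Cipher string from the message above; every other name here is illustrative.
RECOMMENDED = "DEFAULT:!EXPORT:!LOW"
# Assumption: EXPORT (40/56-bit) and LOW (56/64-bit) grades sit at or below this.
WEAK_MAX_BITS = 64


def build_context(cipher_list=RECOMMENDED):
    """Client context limited to cipher_list, with SSLv2 switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError when nothing matches
    # OP_NO_SSLv2 is a no-op on builds that no longer ship SSLv2 at all.
    ctx.options |= getattr(ssl, "OP_NO_SSLv2", 0)
    return ctx


def enabled_suites(ctx):
    """(name, protocol, strength_bits) per enabled suite, strongest first,
    roughly what `openssl ciphers -v "<list>:@STRENGTH"` prints."""
    rows = [(c["name"], c["protocol"], c["strength_bits"])
            for c in ctx.get_ciphers()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def weak_suites(ctx):
    """Suites that are export-grade by name or at/below WEAK_MAX_BITS."""
    return [r for r in enabled_suites(ctx)
            if r[0].startswith("EXP") or r[2] <= WEAK_MAX_BITS]


if __name__ == "__main__":
    ctx = build_context()
    for name, proto, bits in enabled_suites(ctx):
        print(f"{name:<32} {proto:<8} {bits:>3} bits")
    print("weak suites still enabled:", weak_suites(ctx) or "none")
```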